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SIEBEL,  SAP  PUSH 
CRM  UPGRADES 

Rivals  battle  for  users 
with  dueling  releases 


BY  MARC  L.  SONGINI 

Siebel  Systems  Inc.  and  SAP 
AG  last  week  heated  up  the 
competition  in  the  customer 
relationship  management  mar¬ 
ket  by  announcing  upgrades  of 
their  rival  application  suites. 

Siebel  released  a  new  ver¬ 
sion  of  its  applications,  dubbed 
Siebel  7.5,  that  comes  with 
hundreds  of  built-in  business 
processes  tailored  for  users  in 
20  different  vertical  industries. 
For  example,  Siebel  said  a  ver¬ 


sion  of  the  software  for  retail 
banking  will  be  able  to  auto¬ 
mate  the  process  of  changing 
customer  addresses  and  stop¬ 
ping  payments  on  checks. 

Siebel  7.5  is  also  the  first 
release  of  the  CRM  software 
to  include  pieces  of  the  com¬ 
pany’s  Universal  Application 
Network  technology  for  devel¬ 
oping  integration  links  with 
other  systems,  said  Ed  Abbo, 
senior  vice  president  of  tech¬ 
nology  at  Siebel. 

Meanwhile,  SAP  detailed  Ver¬ 
sion  3.1  of  its  mySAP  CRM  soft- 
Siebel  and  SAP,  page  61 

CUSTOMER-READY 

For  full  coverage  of  CRM  technology, 
visit  our  Knowledge  Center. 
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LEGACY  TIES  WEIGH  ON  CRM  PROJECT 


Siebel  user  works  to 
integrate  new,  old  apps 


BY  LUCAS  MEARIAN 

Countrywide  Credit  Industries 
Inc.,  a  $4  billion  financial  ser¬ 
vices  firm,  is  embarking  on  a 
multiyear  project  to  roll  out 
Siebel  Systems  Inc.’s  customer 
relationship  management  soft¬ 
ware  across  20  divisions.  But  it 
faces  a  big  challenge:  integrat¬ 
ing  the  new  applications  with 
existing  ones  that  run  on  IBM 
AS/400s  and  mainframes. 

The  project  began  in  July 
and  is  expected  to  take  three  to 
five  years  to  complete,  said 
Tony  Vigna,  vice  president  of 
CRM  development  at  Cala- 


basas,  Calif.-based  Country¬ 
wide.  He  declined  to  comment 
on  the  expected  cost  of  the 
Siebel  rollout  and  the  applica¬ 
tion  integration  effort. 

The  planned  installation  of 
the  Siebel  7  software  is  de¬ 
signed  to  give  Countrywide  a 
complete  set  of  information 
about  its  customers  through  a 
single  user  interface,  and  vice 
versa.  “We  wanted  a  unified 
view  of  our  customer,  as  well 
as  giving  our  customer  a  uni¬ 
fied  view  of  us,”  Vigna  said. 

However,  getting  those  uni¬ 
fied  views  will  require  the  use 
of  integration  tools  developed 
by  Seattle-based  WRQ_Inc.  as 
a  middleware  layer  between 
Legacy  Ties,  page  61 
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IT  Responds 


One  year  after 
the  devastat¬ 
ing  attacks 
on  the  World  Trade  Center 
and  the  Pentagon,  IT  profes¬ 
sionals  are  at  the  forefront 
of  efforts  to  prevent  the 
nightmare  of  a  recurrence 
—  and  to  be  prepared  if 
what  used  to  be  unthinkable 
happens  again. 


RILL  COVERAGE  OF  AHACK  ON  AMERICA 

For  access  to  all  Computerworld  stories  on  the  Sept.  11 
attacks  and  their  aftermath,  please  visit  our  Web  site: 

OQuickLink  a1030 

www.computerworld.com 


NEWS 

An  exclusive  Computerworld  survey 
of  IT  pros  finds  that  better  security 
awareness  hasn’t  yielded  huge 
changes  in  security  investments; 
meanwhile,  change  is  the  watchword 
in  critical  infrastructure  protection. 
STARTS  ON  PAGE  6. 


TECHNOLOGY 

Researchers  at  the  National  Lab  in  Los 
Alamos  look  for  ways  to  enable  IT  to 
fight  terrorism;  corporations  employ 
an  array  of  tools  and  services  to  assess 
how  vulnerable  their  systems  are  to 
cyberattack.  STARTS  ON  PAGE  30. 


MANAGEMENT 

Companies  add  cyberattack  exercises 
to  their  disaster-preparedness  plans; 
experts  offer  tips  for  combing  through 
IT  service  contracts  to  ensure  you’re 
covered  in  the  event  of  a  terrorist-re¬ 
lated  emergency.  STARTS  ON  PAGE  44. 


OPEN  INFRASTRUCTURE 


INTEGRATION 


PLAY 


1]  To  win  in  the  e-business  game,  everyone  must  be  connected, 
regardless  of  platform  or  device.  With  an  open  infrastructure,  you 
have  the  freedom  to  integrate  without  having  to  rip  and  replace. 


2]  Get  in  the  game  with  Team  IBM.  With  Linux*-enabled  eServer™ 
systems,  global  integration  experts  and  WebSphere*  (the  leading 
integration  software  platform*),  you  can  implement  and  integrate 
new  technologies  with  existing  systems. 


3]  For  more  Winning  Plays,  visit  ibm.eom/e-business 
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Does  your  software  let  you  manage  and  protect  your  wireless  enterprise  no  matter 
where  it  goes?  Ours  does. 

Managing  your  enterprise  was  hard  enough  when  you  knew  where  it  was.  Now,  thanks  to  the  boom  in  wireless  devices,  mission-critical 
data  and  systems  can  walk  in  and  out  the  door  at  will.  That's  why  it's  vital  to  have  software  that  can  keep  track  of  your  wireless  enterprise 
no  matter  where  it  goes.  Our  infrastructure  management  software  is  considered  the  gold  standard,  making  it  one  of  the  best  choices  for 
securing  and  managing  your  global  environment.  And  it  works  across  multiple  platforms,  so  it's  compatible  with  what  you  have  today 
and  what  you  add  tomorrow.  Sure,  your  devices  may  still  get  lost.  But  your  information  won't.  ca.com/wireless/enterprise 
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Universal  Description,  Discovery  and  Integration  is  an 
Internet-accessible  registry  in  which  businesses,  soft¬ 
ware  vendors  and  programmers  can  describe  the  Web 
services  they  offer  and  provide  links  on  how  to 
use  them.  Find  out  more  in  this  week's 
QuickStudy.  PAGE  40 
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UDDI:  LOOKING  UP  WEB  SERVICES 


WE  BELIEVE 


In  a  world  turned  upside 
down  by  the  events  of 
Sept.  11,  Frank  Hayes  reveals  a  solid  core  of  beliefs 
that  anchors  all  IT  professionals  to  their  work  . . . 
and  their  world.  PAGE  62 


NEWS  6 

6-7  Our  examination  of  the  one- 
year  anniversary  of  Sept.  11  starts 
with  a  survey  that  reveals  that  cor¬ 
porations  still  aren’t  adequately 
funding  IT  security.  Also,  we  look 
at  how  corporate  America  has  re¬ 
sponded,  and  have  a  discussion 
with  the  White  House’s  cybersecu¬ 
rity  chief. 

8  Sharing  classified  information 
presents  critical  challenges  to  the 
homeland  security  initiative. 

12  An  ROI  survey  says  online 
training  and  e-business  integration 
bring  the  biggest  returns. 

14  Microsoft  ships  its  Multipath 

I/O  storage  management  software. 

25  Hershey’s  R/3  upgrade  went 

a  lot  more  smoothly  than  the  initial 
installation  back  in  1999. 


BREAKIN6  NEWS 

For  the  latest  news,  updated  twice  daily,  visit: 
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www.computemorld.com 


TECHNOLOGY  29 

29  IT  researchers  are  looking  to 
biology  for  more  than  superficial 
analogies  —  they’re  after  real  guid¬ 
ance,  writes  Gary  H.  Anthes. 

30  Los  Alamos  National  Labora¬ 
tory  is  developing  new  ways  to 
combat  bioterrorist  threats. 

34  Assessing  the  vulnerability 

of  their  company’s  systems  has 
become  a  crucial  part  of  IT  man¬ 
agers’  jobs  since  Sept.  11,  and 
they’re  using  a  variety  of  tools 
and  services  to  get  it  done. 

36  Fully  converged  san/nas 

network  storage  is  the  key  to  over¬ 
coming  the  limitations  of  storage 
networking,  says  Network  Appli¬ 
ance  CTO  Steven  Kleiman. 

38  Security  Journal:  Mathias 

Thurman  finds  that  eliminating 
rogue  wireless  LAN  (WLAN) 
access  points  is  easier  than  creat¬ 
ing  policies  and  standards  to 
secure  WLAN  infrastructure. 


MANAGEMENT  43 

43  Forget  reading,  writing  and 
’rithmetic  —  Bart  Perkins  says 
there  are  three  new  Rs  for  supplier 
management.  Here’s  how  to  put 
them  to  work  to  cut  costs. 

44  Corporations  are  adding 

cyberattack  exercises  to  their 
disaster-preparedness  tactics  in  the 
event  of  a  terrorist  assault  on  their 
infrastructure. 

46  Beware  of  force  majeure  claus¬ 
es  in  IT  contracts.  These  typically 
vendor-controlled  provisos,  the 
definitions  of  which  have  been 
quietly  expanding,  can  leave  your 
firm  in  the  lurch. 

48  Despite  flat  it  budgets, 

companies  are  taking  business 
continuity  into  their  own  hands. 

50  William  Ulrich  explains  in 
his  new  book  how  companies 
can  incorporate  in  Web-based 
systems  the  critical  data  and 
functionality  that’s  locked  in 
their  old  applications. 


OPINIONS  26 

26  Maryfran  Johnson  examines 
the  results  of  a  Computerworld.com 
survey  that  polled  readers  on  how 
their  companies  have  responded  to 
protect  IT  resources  since  the 
Sept.  11  attacks.  Although  she  sees 
plenty  of  areas  to  improve,  she 
continues  to  be  impressed  with 
IT’s  response. 

26  Pimm  Fox  chats  with  the  cio 

at  Kemper  Casualty,  who  says 
eliminating  paper  became  a  key 
goal  after  the  company  lost  two 
floors  of  offices  in  the  World  Trade 
Center. 

27  Thornton  May  critiques  the 
lack  of  critical  thinking  inside 
Dell.  The  PC  maker’s  latest  moves 
are  uninspired,  he  says.  May  offers 
three  suggestions  that  he  says 
Michael  Dell  can  take  to  the  bank. 
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ASK  PERMISSION 

The  opt-in  approach  to  data  privacy 
will  prevail  as  the  global  norm  in 
laws  and  business  practices,  writes 
privacy  columnist  Jay  Cline. 
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LINUX  &  YOU 

There  are  currently  more  than 
100  ongoing  discussions  in  our 
forums  about  Linux  and  what  it 
really  means  for  IT.  Don’t  you  have 
something  to  say? 

QuickLink  a2470 


ONE  YEAR  AFTER 

Has  the  government  done  enough 
to  protect  critical  IT  infrastructure? 
Has  the  private  sector?  Post  your 
comments  in  our  discussion  forum. 

QuickLink  a2480 

See  our  complete  coverage  of  the 
Sept.  11  attack  and  how  IT  has 
responded. 
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WHAT’S  A  QUICKLINK? 

OOn  some  pages  in  this  issue, 
you’ll  see  a  QuickLink  code 
pointing  to  additional,  related  con¬ 
tent  on  our  Web  site.  Just  enter  that 
code  into  our  QuickLink  box  online, 
which  you’ll  see  at  the  top  of  each 
page  on  our  site. 

Use  QuickLinks  to  see  related 
stories,  discussion  forums,  research 
links,  archives  and  more. 
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IT  Watchfulness  Rises, 

But  Budgets  Limit  CJpngl 


Survey  reveals  new  funds  lacking  to  bolster  data  security 


BY  MARK  HALL 

hough  IT  profes¬ 
sionals  are  now 
alert  to  the  threat 
of  terrorism,  that 
threat  generally 
hasn’t  pushed  IT  organizations 
to  radically  revamp 
their  business  con¬ 
tinuity  or  data  secu¬ 
rity  plans,  accord¬ 
ing  to  the  results  of 
an  exclusive  Com- 
puterworld  online  survey. 

“I  worry  more  about  the 
Russians  and  script  kiddies 
than  al-Qaeda,”  said  Alan  We¬ 
ber,  senior  systems  analyst  at 
Austin,  Texas-based  DS  Asso¬ 
ciates,  which  manages  human 
resources  data  for  other  firms. 

His  remarks  reflect  the  find¬ 
ings  of  an  online  poll  conduct¬ 
ed  the  last  week  of  August  by 
2,620  IT  professionals,  barely 
half  of  whom  said  their  organi¬ 
zations  have  launched  projects 
to  improve  data  security  in  re¬ 
sponse  to  the  terrorist  attacks 
on  the  World  Trade  Center  and 
Pentagon  a  year  ago  this  week. 

Many  users  said  their  exist¬ 
ing  plans  to  protect  their  IT  as¬ 
sets  are  adequate.  “If  you’re  al¬ 
ready  connected  to  the  Inter¬ 
net,  you  already  have  a  security 


issue,  and  9/11  should  not  have 
made  a  difference,”  Weber  said. 

He  added  that  his  company 
had  disaster  preparedness  and 
recovery  plans  in  place  already 
because  of  the  threat  of  torna¬ 
dos  and  fire,  “where  the  odds  of 
them  happening  are 
far  higher.” 

Jim  Prevo,  CIO 
at  Green  Mountain 
Coffee  Roasters  Inc. 
in  Waterbury,  Vt., 
said  that  his  company  is  simply 
continuing  with  the  disaster 
preparedness  plan  it  had  in 
place  before  Sept.  11. 

Like  most  companies  in  the 
survey,  Green  Mountain  didn’t 
boost  spending  to  take  on  new 
projects  for  business  continu¬ 
ity  and  security,  because  fund¬ 
ing  for  those  areas  is  already 
addressed  in  the  budget  proc¬ 
ess.  The  installation  of  a  new 
firewall  was  in  the  budget  be¬ 
fore  last  September,  Prevo  said. 

Standard  Reponse 

Mark  Shainman,  an  analyst 
at  Meta  Group  Inc.  in  Stam¬ 
ford,  Conn.,  said  he  isn’t  sur¬ 
prised  by  the  survey’s  findings. 

“Initially,  there  was  a  great 
fervor  about  security  and  busi¬ 
ness  [continuity],”  he  said.  But 


FACTOID 


Companies  are  adjusting  to 
the  new  level  of  heightened 
security  consciousness. 

Who’s  winning? 

■  Telecommuters:  30%  of 

survey  respondents  said  their 
companies  now  encourage  more 
people  to  work  at  home. 

■  Video  and  Web  conference 
providers:  More  than  35%  said 
their  organizations  now  use  the 
technologies. 

Who’s  losing? 

■  Travel  industry:  More  than  one- 
fourth  (27.5%)  said  their  companies 
have  reduced  employee  travel  “for 
safety  reasons." 


with  IT  budget  constraints  and 
existing  protections  in  place, 
most  companies  left  things 
alone,  Shainman  said. 

“Everyone  agrees  it’s  a  big 
issue,”  said  David  Nessl,  a  se¬ 
nior  systems  administrator  at 
American  Systems  Consulting 
Inc.  in  Dublin,  Ohio.  “But 
there’s  no  budget  for  it,  and 
you  still  have  to  deal  with  it.” 

Nessl  said  his  department  is 
now  taking  “snapshots  of  the 
data  twice  a  day  to  make  sure 
we’re  no  more  than  a  half-day 
out  of  sync.”  The  company  also 
used  previously  budgeted  dol- 


SEPTEMBER  11 

IT  Responds 


Attitudes:  The  Single  Biggest  Change 


Brookings,  S.D.,  is  a  long  way  from 
the  World  Trade  Center  and  the 
Pentagon.  And  the  IT  workers  at 
Falcon  Plastics  Inc.’s  headquarters 
there  have  no  illusions  that  they  are 
on  any  terrorist’s  hit  list.  But  that 
doesn’t  mean  the  events  of  Sept.  11 
d'dn’t  change  the  company's  atti¬ 
tude  about  protecting  its  informa¬ 
tion  assets. 

"It  has  caused  us  to  sit  back  and 
evaluate  cur  disaster  protection  and 
data  security  policies,"  said  Lisa  Ben¬ 


der.  IT  manager  at  the  plastics  manu¬ 
facturer.  “We’ll  never  assume  we 
have  no  gaps  in  our  system  again." 

Attitudes  about  disaster  pre¬ 
paredness  and  security  are  what 
changed  the  most  after  the  terror  at¬ 
tacks  on  the  U.S.  last  year,  accord¬ 
ing  to  many  IT  professionals. 

Barbara  Brennan,  director  of  tech¬ 
nology  at  Panzano  Partners  Ltd.  in 
Morristown,  N.J.,  said  that  although 
the  company  updated  its  firewalls 
and  bought  some  virus  protection 


software  after  Sept.  11,  “the  biggest 
change  since  the  tragedy  has  been 
in  people’s  awareness  of  security." 

Jim  O’Keefe,  IT  director  at  Resco 
Products  Inc.  in  Pittsburgh,  agreed. 
“Sept.  11  brought  out  how  vulnerable 
everyone  is,”  he  said. 

O’Keefe  added  that  the  tragedy 
focused  employees’  attention  on 
business  continuity  and  security.  “It 
did  away  with  the  ‘That’s  nice,  but 
it’ll  never  happen  here’  thinking." 

-Mark  Hall 


lars  to  buy  mass  storage  tech¬ 
nology  from  EMC  Corp.  that 
can  mirror  data  to  a  remote  site. 

Still,  many  firms  did  take  the 
9/11  tragedy  as  a  wake-up  call 
to  improve  data  security. 

At  Stanley  Aviation  Corp.  in 
Denver,  MIS  director  David 
Edwards  said  backup  was  the 
company’s  only  disaster  recov¬ 
ery  plan  before  9/11.  Stanley 
Aviation  is  working  out  plans 
with  a  sister  company  to  use 
each  other’s  data  centers  for 
business  continuity  operations, 
he  said,  and  it  has  added  a  hard¬ 
ware  firewall  and  new  proxy 
servers  to  improve  security. 

Some  firms  even  changed 
their  management  structures  in 
response  to  the  attacks.  Charlie 
Orndorff,  CIO  at  Crossmark 
Inc.  in  Plano,  Texas,  said  that  al¬ 
though  his  overall  budget  hasn’t 
increased,  there  has  been  a  shift 
in  priorities.  “Most  significant 
is  the  creation  of  a  new  posi¬ 
tion  for  manager  of  infrastruc¬ 
ture  security,”  he  said.  He 
added  that  while  the  company 
had  already  been  evaluating  a 
72-hour  business  continuity 
program  with  Wayne,  Pa.-based 
SunGard  Data  Systems  Inc., 
“Sept.  11  expedited  the  process.” 

In  some  markets,  the  shift 
has  been  dramatic.  According 
to  John  Hall,  president  of  call 
center  designer  Televerity  LLC 
in  Indianapolis,  his  clients  are 
now  demanding  business  con¬ 
tinuity  options. 

“Disaster  recovery  is  now 
40%  of  our  revenues,”  he  said. 
“Last  year,  it  was  zero.”  I 


Computerworld’s  survey  was 
conducted  in  collaboration  with 
Perseus  Development  Corp.,  a 
market  research  firm  in  Brain¬ 
tree,  Mass,  (www.perseus.com). 


ADDITIONAL  FINDINGS 

More  survey  results  can  be  found  online: 

OQuickLink  32710 

www.computerworld.com 

The  response  of  IT  in  the  wake  of  9/11  contin¬ 
ues  to  impress  Maryfran  Johnson.  Page  26 


State  of  Security 

NOT  MUCH  NEW...: 

Among  the  2,620  survey 
respon  snts,  just  under  half 
said  their  companies  have 
“undertaken  any  IT  projects 
to  improve  disaster  pre¬ 
paredness  and  recovery 
operations”  since  Sept.  11. 

DON’T  KNOW 
9.7% 


n 


NO 

40.5% 


YES 

49.8% 


...  ESPECIALLY  FUNDING: 

A  mere  15%  of  respondents 
said  their  companies  pro¬ 
vided  additional  in  ;;  most 
took  money  away  from 
other  IT  work. 

27.8% 


15.6% : 


8.5% 


3.1% 


Funded  with  additional 
IT  b  get  dollars 

Funded  out  of  the  existing 
IT  budget 

Funded  with  budget 
resources  oui  ie  of  IT 

Not  funded 


There’s  no 
budget  for  it, 
and  you  still 
have  to  deal 
with  it. 

DAVID  NESSL.  SYSTEMS 
ADMINISTRATOR,  AMERICAN 
SYSTEMS  CONSULTING 


NEWSSPECIAL  REPORT 


Corporate  America  Now  on 
Front  Lines  of  War  on  Terror 


BY  DAN  VERTON 

YEAR  AGO  this 
week,  America 
was  attacked  by  a 
global  enemy  that 
has  demonstrated 
its  determination  to  use  any 
means  at  its  disposal  to  wreak 
havoc  and  fear,  damage  the 
economy  and  compel  the  na¬ 
tion  to  withdraw  from  the  in¬ 
ternational  community. 

In  that  regard,  Sept.  11,  2001, 
will  be  remembered  as  a 
colossal  failure  for  interna¬ 
tional  terrorism,  say  govern¬ 
ment  and  private-sector  secu¬ 
rity  experts. 

Rather  than  leaving  the 
country  in  a  state  of  stunned 
inaction,  the  attacks  triggered 
what  many  security  experts 
say  was  long  overdue:  a  nation¬ 
wide  effort  to  bolster  home¬ 
land  security  and  critical  infra¬ 
structure  protection  —  a  con¬ 
cept  that  has  placed  private 
companies  on  the  front  lines  of 
national  defense. 

“It’s  never  been  done  be¬ 
fore,”  said  Steve  Cooper,  CIO 
at  the  White  House’s  Office  of 
Homeland  Security,  referring 
to  the  massive  integration  ef¬ 
fort  now  under  way  to  help 
improve  security  information 
sharing  among  government 
agencies  and  the  hundreds  of 
private  companies  that  own 
and  operate  90%  of  the  na¬ 
tion’s  critical  systems.  “We 
must  do  it,  and  we  can  do  it,” 
said  Cooper,  speaking  Aug.  19 
at  a  government  symposium 
on  homeland  security. 

Perception  Game 

However,  proponents  of  crit¬ 
ical-infrastructure  protection, 
particularly  in  the  area  of  cy¬ 
bersecurity,  face  many  of  the 
same  challenges  that  terrorism 
experts  encountered  prior  to 
Sept.  11:  Few  in  the  private  sec¬ 
tor  perceive  that  there’s  an  im¬ 
minent  threat  to  the  digital 
homeland,  and  fewer  still  ac¬ 
knowledge  terrorists’  ability  to 
and  willingness  to  adapt  their 
tactics  to  take  advantage  of 


America’s  digital  Achilles’  heel 
—  its  information  networks. 

Every  so-called  critical  in¬ 
frastructure  in  the  U.S.,  from 
telecommunications  to  trans¬ 
portation,  banking  and  energy, 
relies  on  computers  and  com¬ 
puter  networks,  National  Secu¬ 
rity  Adviser  Condoleezza  Rice 
said  in  March  last  year  during 
her  first  major  policy  address 
on  the  topic. 

“Corrupt  those  networks, 
and  you  disrupt  this  nation,” 
she  said.  “Today,  the  cyber¬ 
economy  is  the  economy.” 

“The  terrorists  in  the  Sept.  11 
event  had  the  patience  to  plan 
[and]  the  foresight  and  the  un¬ 
derstanding  of  the  infrastruc¬ 
ture  that  could  be  used  to  si¬ 
multaneously  or  sequentially 
disrupt  the  infrastructure  elec¬ 
tronically,”  said  Paula  Scalingi, 
former  director  of  critical  in- 


Richard  Clarke,  chairman  of  the 
president's  Critical  Infrastructure  Pro¬ 
tection  Board,  recently  spoke  with 
Computerworld  reporter  Dan  Verton 
about  the  nature  and  potential  of  the 
threat  to  the  nation’s  critical  infrastruc¬ 
ture.  He  also  discussed  what  he  sees 
as  his  biggest  challenges  with  respect 
to  national  cybersecurity.  Excerpts 
from  the  interview  follow: 

Can  you  briefly  explain  the  cyber¬ 
security  threat  for  those  who 
still  may  not  be  sure  who 
or  what  the  enemy  is? 

There’s  a  spectrum  of  threats 
out  there,  some  of  which  we 
experience  every  day.  That 
spectrum  runs  from  [individu¬ 
als]  who  simply  vandalize 
Web  pages  to  those  who 
conduct  nuisance  denial-of- 
service  attacks.  That's  on  the 
low  end,  which  is  usually  con¬ 
ducted  by  young  hackers  - 


frastructure  protection  at  the 
U.S.  Department  of  Energy. 
“That  could  cause  a  major  re¬ 
gional  failure  in  this  country. 
There’s  no  question  that  that’s 
doable.” 

Game  of  Dominoes 

The  reality  of  the  threat  to 
the  nation’s  critical  infrastruc¬ 
ture,  particularly  in  the  areas 
of  power,  telecommunications 
and  emergency  services,  was 
demonstrated  in  June  when 
the  federal  government  co¬ 
sponsored  an  exercise  known 


HOMELAND  DEFENSE 

The  lessons  of  Sept.  11  are  pushing  priority 
wireless  access  and  backbone  security: 

QuickLink  32690 

More  R&D  is  needed  to  protect  critical 
industrial  systems  in  the  energy  sector 
against  cyberattacks,  officials  say: 

QuickLink  32706 

The  world’s  three  largest  seaport 
operators  are  collaborating  to  demon¬ 
strate  and  deploy  automated  tracking 
and  security  technology  for  containers 
entering  U.S.  ports: 

QuickLink  32671 
www.computerworld.com 


so-called  script  kiddies. 

In  the  middle,  you  have  criminals 
who  conduct  fraud  and  industrial  espi¬ 
onage  online.  The  middle  range  of 
threats  is  usually  carried  out  by  org¬ 
anized  crime,  companies  and  also 
nation-states. 

On  the  high  end,  however,  you 
face  people  who  potentially  could 
conduct  attacks  to  destroy  or  stop 
things  from  working.  At  the  high  end, 
it's  potentially  nation-states  or  terror¬ 
ist  groups.  These  attacks  could  be 
conducted  in  isolation  or 
in  conjunction  with  a  physi¬ 
cal  attack. 

I  think  we  have  to  antici¬ 
pate  that  a  smart  opponent 
would  use  some  of  these 
asymmetric  tactics  against 
us.  In  the  larger  scenarios, 
the  private  sector  would 
be  the  targets  for  attack, 
either  by  terrorist  groups  or 
nation-states,  because  those 


as  Blue  Cascades.  Dozens  of 
government  and  private-sector 
representatives  from  five  U.S. 
states  in  the  Pacific  Northwest 
and  three  Canadian  provinces 
confronted  the  very  real  po¬ 
tential  for  cascading  infra¬ 
structure  failures  resulting 
from  combined  physical  and 
cyberterrorist  incidents. 

The  results  were  chilling. 
Simulated  terrorist  attacks  dis¬ 
rupted  the  region’s  electric 
power  grid,  causing  power  out¬ 
ages  that  spread  quickly  to  oth¬ 
er  Western  states  and  lasted 
for  more  than  a  week,  accord¬ 
ing  to  exercise  coordinators. 
The  exercise  also  included  si¬ 
multaneous  physical  and  cy¬ 
berdisruptions  of  the  region’s 
telecommunications  and  nat¬ 
ural  gas  distribution  systems, 
as  well  as  a  threat  to  a  major 
municipal  water  system  and 
the  region’s  ports. 

Once  the  electric  grid  is  dis¬ 
rupted,  the  other  infrastruc¬ 
tures  that  businesses  and  gov¬ 
ernment  agencies  rely  on  for 
their  day-to-day  operations,  in¬ 
cluding  telecommunications, 


groups  would  seek  to  disrupt  the  na¬ 
tional  economy. 

What  are  the  greatest  challenges 
facing  the  private  sector  in  terms 
of  cybersecurity,  particularly  with 
respect  to  your  mission  of  building 
an  effective  public/private  partner¬ 
ship  that  can  provide  for  the  com¬ 
mon  defense?  The  first  problem 
we've  always  had  was  awareness. 
However,  the  awareness  problem  has 
diminished  greatly  for  two  reasons. 
People  in  boardrooms  asked  them¬ 
selves  after  Sept.  11,  “How  secure  is 
our  company?"  Also,  there  have  been 
a  lot  of  cyberattacks,  which  have  dou¬ 
bled  in  the  last  year. 

The  second  problem  facing  com¬ 
panies  is  determining  what  is  a  good 
product,  who’s  a  good  service  pro¬ 
vider  and  what  they  should  be  asking 
for.  Most  people  think  the  first  thing 
to  do  is  to  run  out  and  buy  a  firewall 
or  an  intrusion-detection  system.  But 
that  doesn't  even  begin  to  solve  your 
problems.  You  need  to  have  a  contin¬ 
uous  process  of  looking  for  vulnera¬ 
bilities,  and  you  need  to  have  a  lay¬ 
ered  defense.  We  passed  the  2,000 
mark  a  few  months  ago  in  terms  of 
known  vulnerabilities  that  we  have  to 
deal  with. 


What  is  Critical 
infrastructure? 

Facilities  and  IT  systems 
that  operate  and  manage 
daily  services  in  the  follow¬ 
ing  sectors  are  considered 
part  of  the  critical  infra¬ 
structure: 

■  Banking  and  finance 

■  Emergency  services 

■  Energy 

*  Essentia!  government 
services 

■  Health  care 

■  Telecommunications 
■Transportation 
■Water  systems 

transportation,  emergency  ser¬ 
vices,  hospitals  and  law  en¬ 
forcement,  begin  to  fall  like 
dominoes,  according  to  the  final 
report  on  the  lessons  learned 
from  the  exercise.  I 


Are  you  satisfied  with  the  effort 
expended  to  date  at  the  regional 
infrastructure  level  by  the  various 
state  and  federal  agencies  and  the 
private  sector?  I'm  never  satisfied. 
I’m  feeling  good  about  the  federal  gov¬ 
ernment’s  own  activities  and  that  ma¬ 
jor  sectors  of  the  private  sector  are 
taking  action. 

For  example,  the  banking  and  fi¬ 
nance  sector  is  doing  a  great  deal:  the 
electric  power  grid  is  for  the  first  time 
thinking  about  encryption:  and  the  IT 
sector  itself  is  beginning  to  talk  about 
quality  software  development  and 
making  security  a  design  criteria. 
Companies  like  Oracle,  Sun,  Microsoft 
and  Cisco  are  leading  that  effort.  IT 
security  is  also  a  top  issue  in  the  pri¬ 
vate  sector. 

We  also  are  looking  for  input  from 
small  and  medium-size  IT  companies. 
A  lot  of  good  ideas  are  found  in  the 
garage,  as  HP  discovered.  We've 
proactively  sought  them  out  and  met 
with  them  one  on  one.  I 


IN-DEPTH  ONLINE 

To  read  the  full  version  of  our  interview  with 
Critical  Infrastructure  Protection  Board 
Chairman  Richard  Clarke,  visit  our  Web  site: 

QuickLink  32695 
14*.'  www.computerworld.com 


White  House  Cybersecurity 
Chief  Defines  the  Threat 


NEWSSPECIAL  REPORT 


U.S.  Intelligence  Community 
Faces  Info-Sharing  Overhaul 

Homeland  security  poses  unprecedented 
data-sharing  challenges  for  agencies 


BY  DAN  VERTON 

HE  u.s.  intelligence 
community  knows 
it  has  to  improve 
the  efficiency  of 
its  information¬ 
sharing  efforts.  But  the  com¬ 
munity’s  IT  experts  also  know 
that  massive  change  doesn’t 
mean  starting  from  scratch  and 
giving  everybody  access  to 
everything. 

“We’re  trying  to 
use  the  existing 
[IT]  capabilities  of 
the  community,” 
said  Bill  Dawson, 
the  intelligence  community’s 
deputy  CIO.  That  means  lever¬ 
aging  the  massive  yet  classi¬ 
fied  investment  in  IT  systems 
and  infrastructure  that  has 
taken  place  during  the  past 
decade,  said  Dawson  and  other 
top  intelligence  officials.  Daw¬ 
son’s  post  lies  within  the  CIA 
director’s  community  manage¬ 
ment  staff,  which  has  oversight 
responsibilities  for  all  14  agen¬ 
cies  that  make  up  the  U.S.  in¬ 
telligence  community. 


The  foundation  of  ICSIS  is  an  in¬ 
tranet  called  Intelink,  the  first  classi¬ 
fied  intelligence  community  intra¬ 
net,  which  was  set  up  in  1994. 

“What  we’re  really  doing  now  is 
going  beyond  the  wonderful  base¬ 
line  we  have  with  Intelink,”  said 
Dolly  Greenwood,  director  of  archi¬ 
tecture  for  ICSIS. 

And  while  Intelink  remains  “the 
basis  for  how  people  share  informa¬ 
tion”  in  the  intelligence  community, 
according  to  John  Brantley,  director 
of  the  Intelink  Management  Office, 
there  are  significant  changes  on  the 
way  for  the  intranet.  One  such 
change  is  the  development  of  a 


But  homeland  security  infor¬ 
mation  sharing  poses  unique 
security  challenges  that  few 
people  outside  the  intelligence 
community  appreciate,  Daw¬ 
son  said.  For  example,  intelli¬ 
gence  agencies  are  for  the  first 
time  being  asked  to  share  in¬ 
formation  collected  from  high¬ 
ly  sensitive  sources  with  agen¬ 
cies  that  sit  outside  of  the  tra¬ 
ditional  boundaries 
of  the  intelligence 
community,  such  as 
the  Environmental 
Protection  Agency 
(EPA)  and  the  De¬ 
partment  of  Agriculture,  ac¬ 
cording  to  Dawson. 

“You  really  shouldn’t  have 
EPA  officials  surfing  through 
military  order-of-battle  infor¬ 
mation,”  said  Dawson.  “I  can 
run  a  wire  and  give  you  infor¬ 
mation,  but  what  do  you  want, 
what  do  you  need,  and  what 
are  you  going  to  do  with  it?” 

Those  are  questions  senior 
intelligence  officials  are  grap¬ 
pling  with  as  they  anticipate 
the  likely  creation  of  a  Depart  - 


structured  database  to  help  make 
sense  of  the  2.4  million  Web  pages 
that  currently  populate  the  top- 
secret  version  of  Intelink. 

"Searching  Intelink  is  like  shoot¬ 
ing  craps,"  said  Stephen  Selwyn, 
director  of  knowledge  management 
at  the  Office  of  the  Intelligence  Com¬ 
munity  CIO.  However,  Selwyn 's  of¬ 
fice  plans  to  deploy  by  November 
what  he  calls  a  browser-based  “in¬ 
telligence  community  collaborative 
presence,"  letting  intelligence  ana¬ 
lysts  enter  collaborative  communi¬ 
ties  of  interest  from  their  desktops 
without  needing  other  infrastructure. 

-  Dan  Verton 


ment  of  Homeland  Security, 
which  will  need  access  to 
highly  compartmented  intelli¬ 
gence  data.  And  despite  high- 
profile  data-sharing  failures  in 
the  past  few  years  —  Sept.  11 
being  the  worst  —  a  master  ar¬ 
chitecture  plan  has  been  in  the 
works  and  is  now  getting  the 
attention  it  deserves. 

The  centerpiece  of  that  plan 
is  the  Intelligence  Community 
System  for  Information  Shar¬ 
ing  (ICSIS).  It’s  a  Web-based 
system  that  comprises  both  the 
Top  Secret  Joint  Worldwide 
Intelligence  Communications 
System  and  the  Secret  Internet 
Protocol  Routing  Network, 
which  the  defense  and  intelli¬ 
gence  communities  have  been 
using  for  years  to  share  data. 
The  difference  now  is  that 
Dawson  and  others  are  work¬ 
ing  to  build  a  browser-based 
front  end  that  won’t  take  users 
directly  to  these  systems  but 
rather  to  a  role-based  common 
virtual  collaboration  space. 

Sharing  Secrets 

ICSIS  will  provide  the  con¬ 
trolled  interfaces  that  will  for 
the  first  time  let  the  intelligence 
community  automate  the  pro¬ 
cess  of  stripping  out  from  clas¬ 
sified  documents  top-secret 
sources  and  methods  of  intelli¬ 
gence  collection.  It  will  also  au¬ 
tomate  the  sharing  of  that  intel¬ 
ligence  with  analysts  and  offi¬ 
cials  with  “Secret”  or  lower  se¬ 
curity  clearances. 

Phase  1  of  ICSIS  develop¬ 
ment,  which  is  now  under  way, 
involves  various  collaboration 
“enablers,”  such  as  public-key 
infrastructure  encryption  tech¬ 
nology;  a  directory  of  intelli¬ 
gence  analysts  who  can  be  con¬ 
tacted  by  means  of  encrypted 
community  e-mail;  a  collab¬ 
oration  software  tool  suite; 
trusted  interfaces  for  access  to 
replicated  data  repositories  at 
different  security  levels;  and  a 
metadata  markup  process  to 
support  data  discovery. 


John  Brantley,  director  of  the 
Intelink  Management  Office 
(see  box),  said  there  will  be 
managed  entry  points  into  seg¬ 
regated  communities  of  inter¬ 
est  for  all  security  levels.  One 
of  those  entry  points  will  lead 
to  the  Open  Source  Informa¬ 
tion  System,  a  collaborative, 
virtual  private  network  (VPN)- 
enabled  workspace  for  sharing 
sensitive  but  unclassified  data 
and  open-source  news  reports 
from  around  the  world.  That’s 
a  capability  critics  have  said 
the  U.S.  intelligence  communi- 


Technology 
Aids  Hunt 
For  Terrorists 

BY  DAN  VERTON 

Analysts  and  field  operatives  from  the 
CIA  and  the  National  Security  Agency 
(NSA)  have  stepped  up  offensive  opera¬ 
tions  against  terrorists  around  the  world 
using  sophisticated  text  and  audio 
search  and  analysis  technologies. 

“We’ve  increased  the  number  of 
teams  around  the  world  collecting  infor¬ 
mation  and  disrupting  [terrorist]  activi¬ 
ties,”  acknowledged  Philip  Lago,  execu¬ 
tive  secretary  of  the  CIA.  “The  tempo  of 
that  activity  has  increased  dramatically." 

Those  operations  have  also  in¬ 
creased  the  volume  of  raw  technical 
intelligence  -  phone,  radio  and  video 
recordings  as  well  as  text  -  flowing  into 
the  headquarters  of  the  CIA  and  NSA 
in  Langley,  Va„  and  Fort  Meade,  Md„ 
respectively.  The  result:  a  dramatic  up¬ 
swing  in  demand  for  technology  to  help 
ensure  that  analysts  don't  miss  critical 
communications  or  code  words  that 
could  be  used  to  launch  an  attack. 

One  of  those  technologies  is  the 
Name  Reference  Library  from  Language 
Analysis  Systems  Inc.  (LAS)  in  Herndon, 
Va.  The  software  analyzes  name  origins, 
tells  the  user  whether  or  not  multiple 
middle  and  last  names  are  in  the  right  or- 


ty  has  both  lacked  and  ignored. 
There’s  even  talk  of  creating  a 
VPN  link  from  the  intelligence 
community  to  the  Regional  In¬ 
formation  Sharing  System  Net¬ 
work,  a  state  and  local  criminal 
intelligence  database. 

In  the  end,  there’s  no  silver 
bullet,  Dawson  said.  “Databas¬ 
es  will  always  be  a  challenge,” 
he  said.  More  important,  he 
added,  people  should  under¬ 
stand  that  “we  don’t  have  some 
magical  box  out  there  that 
we’re  not  telling  them  about.”  k 


AN  INTRANET  FOR  SHARING 

The  State  Department  wants  to  expand  the 
intelligence  community's  intranet  to  all  of  its 
257  posts  worldwide: 

QuickLink  32703 

Armed  with  GIS  technology,  NIMA  is 
providing  critical  geospatial  intelligence: 

QuickLink  32702 
www.computerworld.com 


der  (Egyptian-  and  Saudi-born  citizens 
often  use  multiple  generational  names), 
and  provides  a  list  of  the  top  10  spelling 
variants  as  well  as  gender  associations. 

LAS  is  working  on  a  product  that  will 
enable  processing  of  native  scripts,  said 
Jack  Hermansen,  the  firm’s  president. 

“If  you  can  capture  Mohamed  in  Arabic, 
for  example,  it’s  only  spelled  one  way. 
The  problem  is  in  the  transcription  to 
other  languages,”  he  said.  LAS  plans  to 
complete  development  work  on  the  new 
version  in  the  next  six  months. 

Meanwhile,  NSA  analysts,  who  are 
responsible  for  intercepting  and  ana¬ 
lyzing  hundreds  of  terabytes  of  archived 
and  real-time  voice,  data  and  video  com¬ 
munications,  are  getting  help  from  Fast 
Talk  Communications  Inc. 

Fast  Talk  President  Armistad  Whitney 
said  the  company’s  software  can  break 
down  speech  to  its  smallest  compo¬ 
nents,  called  phonemes.  The  phonemes 
can  then  be  indexed  and  searched  for 
keywords.  The  software  can  retrieve  any 
word,  name  or  phrase  from  voice  data, 
regardless  of  speaker  or  dialect,  with 
up  to  98%  accuracy  and  up  to  72,000 
times  faster  than  in  real  time,  company 
officials  said.  Analysts  can  therefore 
search  through  20  hours  of  audio  in  less 
than  1  second. 

The  company  signed  two  contracts 
with  the  intelligence  community  within 
the  past  90  days.  Currently  in  the  de¬ 
ployment  phase,  the  software  is  being 
loaded  on  laptop  computers  for  use  in 
the  field  and  on  multiprocessor  enter¬ 
prise  systems  at  agency  headquarters, 
Whitney  said.  I 
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IT  Responds 


Get  the  Price/Performance  Advantage 

With  Oracle,  Dell  and  Red  Hat 
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“Those  running  Oracle,  Dell,  and 
Red  Hat  Linux  have  a  price/performance 
advantage.  Users  can  buy  four  4-way 
Dell  servers  running  Oracle  and  Linux 
with  exceptional  performance  for  less 
than  a  12  or  16 -way  proprietary  SMP 
system  at  a  hefty  savings.” 

Aberdeen  Group 

June  2002 


wax  m  redhat. 


Learn  more  about  an  Oracle 
certified  configuration  for 
Dell  with  Red  Hat  Linux 
Advanced  Server. 


oracle.com/linux/dell 

1.800.633.0567 
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Oracle  to  Cut  270 
U.K.  Consulting  Jobs 

Oracle  Corp.  said  it  plans  to  cut 
about  270  IT  consulting  jobs  in  the 
U.K.,  although  the  software  vendor 
said  it  will  try  to  redeploy  some  of 
the  workers  into  different  positions. 
Oracle,  which  has  about  3,100  em¬ 
ployees  in  the  U.K.,  said  it’s  “con¬ 
stantly  evaluating  business-critical 
staffing  allocations”  as  part  of  an 
effort  to  consolidate  operations  and 
increase  technical  efficiencies. 


BEA  Readies  JVM 
Software  Upgrade 

San  Jose-based  BEA  Systems  Inc. 
today  plans  to  release  a  new  version 
of  its  Java  virtual  machine  (JVM) 
software  for  Intel-based  servers. 
BEA  said  WebLogic  JRockit  7.0 
includes  support  for  running  Java 
applications  on  systems  built  around 
Intel  Corp.’s  Xeon  and  Itanium  chips. 
The  software  also  supports  interop¬ 
erability  across  the  hardware  plat¬ 
forms  of  various  server  vendors. 


HP  Unit  to  Focus  on 
Internal,  External  IT 

Hewlett-Packard  Co.  said  it  has  cre¬ 
ated  a  new  group  within  its  profes¬ 
sional  services  unit  to  design  and 
implement  internal  IT  plans  and 
to  advise  the  company’s  customers 
on  technology  strategies.  The  group 
will  report  jointly  to  HP  CIO  Bob 
Napier  and  to  an  executive  within 
the  IT  services  unit. 


CA  Ordered  to  Pay 
For  Buyout  Violations 

A  U.S.  appeals  court  in  New  York 
ruled  that  Computer  Associates  In¬ 
ternational  Inc.  has  to  pay  S10.3 
million  to  former  shareholders  of  a 
software  vendor  it  bought  in  1991. 
The  court  upheld  a  jury's  decision, 
issued  in  September  2000,  that  CA 
paid  more  for  the  stock  of  On-Line 
Software  International  Inc.’s  CEO 
than  it  paid  to  other  shareholders. 
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HP  Trims  Cost,  Features 
In  New  Unix  Server  Line 


Preconfigured  systems  emphasize  price 
over  power  for  users  with  tight  budgets 


BY  JAIKUMAR  VIJAYAN 
AND  TODD  WEISS 

EWLETT- PACKARD 

Co.  last  week  in¬ 
troduced  a  line 
of  preconfigured 
Unix  servers,  and 
analysts  said  the  new  systems 
could  appeal  to  users  who  are 
willing  to  sacrifice  some  per¬ 
formance  and  flexibility  to  get 
a  good  price. 

HP’s  05  Series  server  line 
features  three  models  that  are 
based  on  the  company’s  650- 
MHz  PA-RISC  processor  and 
run  its  HP-UX  Hi  operating 
system.  The  servers  are  avail¬ 
able  only  in  preconfigured, 
standardized  models,  ranging 
from  a  one-processor  model  to 
an  eight-processor  system. 

Starting  prices  range  from 
$4,795  for  a  one-processor  ver¬ 
sion  of  the  entry-level  RP2405 
system  with  512MB  of  memory 
and  26GB  of  disk  storage  to 
$50,595  for  the  RP7405  model 
with  two  CPUs,  4GB  of  mem¬ 
ory  and  146GB  of  storage. 


John  Miller,  the  worldwide 
server  marketing  manager  at 
HP’s  Business  Critical  Systems 
Group,  said  the  new  line  targets 
users  that  have  tight  IT  bud¬ 
gets  but  still  need  increased 
processing  capacity. 

In  the  past,  Miller  said,  IT 
managers  have  ranked  perfor¬ 
mance,  manageability  and  re¬ 
liability  above  cost  when  look¬ 
ing  to  purchase  servers.  But 
in  the  current  sluggish  econ¬ 
omy,  cost  has  risen  in  impor¬ 
tance,  leading  HP  to  intro¬ 
duce  servers  that  tout  low 
price  over  cutting-edge  tech¬ 
nologies,  he  said. 

Good  Enough 

Eileen  Gibson,  a  vice  presi¬ 
dent  at  Avnet  Hall-Mark  Inc.,  a 
computer  reseller  in  Tempe, 
Ariz.,  agreed  with  the  strategy. 
Rather  than  wait  for  better 
economic  conditions,  users 
might  prefer  to  go  with  “good 
technology,  even  if  it  may  not 
be  bleeding-edge,”  she  said. 

The  systems  make  sense  for 


users  that  don’t  mind  giving  up 
a  little  in  return  for  a  good 
price,  said  Rich  Partridge,  an 
analyst  at  D.H.  Brown  Associ¬ 
ates  Inc.  in  Port  Chester,  N.Y. 

“The  economy  has  forced 
many  customers  to  be  very 
price-sensitive,”  Partridge  said. 
“I  don’t  think  users  are  going  to 
find  a  fixed,  preconfigured  set 
of  attributes  to  be  that  much  of 
a  detriment  if  they  can  get  a 
lower-priced  server. 

“It’s  like  being  willing  to  do 
the  Saturday  night  stay-over  if 
you  can  save  some  money  on 
the  trip,”  he  added. 

And  it  isn’t  as  though  HP’s 
new  economy  servers  are  no¬ 
tably  inferior  to  its  regular 
models,  said  Joyce  Becknell,  an 
analyst  at  The  Sageza  Group 
Inc.  in  Mountain  View,  Calif. 

The  machines  feature  many 
of  the  same  functions  found  on 
HP’s  higher-end  Superdome 
servers,  including  dynamic 
partitioning,  workload  man¬ 
agement  and  fault  monitoring. 

In  addition,  the  systems  are 
upgradable  to  newer  proces¬ 
sors,  including  Intel  Corp.’s  64- 
bit  Itanium  chips,  so  users  can 
boost  performance  whenever 
they  want,  Becknell  said. 


Low-cost  Unix  Systems 


HP’s  new  05  Series 
features  three  models: 

RP2405  CAN  HANDLE  UP  TO: 

■  Two  processors 

■  86B  of  memory 

■  146GB  internal  disk  capacity 


RP5404  SUPPORTS  UP  TO: 

■  Four  processors 

■  16GB  of  memory 

■  292GB  of  internal  disk  capacity 


RP7405  RUNS  WITH  UP  TO: 

■  Eight  processors 

■  16GB  of  memory 

■  Two  hardware  partitions 

■  Eight  virtual  partitions 

■  292GB  of  internal  disk  capacity 

“What  [HP  has]  done  is  to 
try  and  keep  the  functionality 
while  getting  the  costs  down, 
by  offering  standard  configu¬ 
rations,”  Becknell  said. 

Standard  configurations  are 
also  easier  for  salespeople  to 
sell  and  for  users  to  under¬ 
stand,  she  added.  I 


Server  Sales  Sink  Deeper 

Revenues  weaker  amid  market  shuffling 


Corrections 

The  story  "CPUs  Cut  the  Power" 
on  page  30  of  our  Sept.  2  issue 
incorrectly  stated  the  lower  end 
of  the  power  consumption  for  the 
Intel  Banias  microprocessor.  The 
correct  figure  is  380  milliwatts. 

The  story  “Filing  It  Away"  on 
page  34  in  the  Sept.  2  issue 
included  incorrect  information 
about  the  file  systems  supported 
by  Microsoft  Corp.'s  Windows 
NT.  The  native  file  format  for 
Windows  NT  is  NTFS.  While  it 
can  also  use  FAT16  file  systems, 
FAT32  file  systems  can  only  be 
set  up  under  Windows  NT  using 
third-party  utilities. 


BY  JAIKUMAR  VIJAYAN 

Worldwide  server  revenues 
declined  for  the  sixth  quarter 
in  a  row  to  $10.5  billion  in  the 
second  quarter,  down  17% 
from  $12.6  billion  in  the  same 
period  last  year,  according  to 
IDC  in  Framingham,  Mass. 

Weak  sales  in  Japan  and  Eu¬ 
rope  added  to  revenue  declines 
of  11%  in  the  U.S.  and  7%  in  the 
Asia-Pacific  region,  excluding 
Japan,  IDC  said,  although  it 
added  that  those  decreases 
were  smaller  than  expected. 


Despite  the  softness  in  the 
second  quarter,  year-over-year 
sales  for  the  remainder  of  2002 
should  be  near  flat,  the  market 
research  firm  said. 

The  second  quarter  also 
marked  the  first  time  that 
IBM’s  position  as  worldwide 
server  market  leader  was  chal¬ 
lenged  by  another  vendor. 
HP,  in  its  first  quarter  after 
merging  with  Compaq  Com¬ 
puter  Corp.,  drew  even  with 
IBM  in  overall  server  revenue, 
with  each  company  garnering 


a  28.7%  market  share,  IDC  said. 

But  HP  lost  market  share 
overall,  when  current  revenue 
is  compared  with  the  combined 
revenue  of  HP  and  Compaq  last 
year  for  the  same  period,  IDC 
said.  It  added  that  on  a  sequen¬ 
tial  basis,  HP  rivals  IBM,  Sun 
Microsystems  Inc.  and  Dell 
Computer  Corp.  all  saw  an  in¬ 
crease  in  revenue  from  the  first 
quarter  of  this  year  to  the  sec¬ 
ond,  even  though  the  overall 
server  market  declined  3% 
from  quarter  to  quarter. 

Gartner  Inc.’s  Dataquest  unit 
in  San  Jose  also  reported  a 
double-digit  decline  in  second- 
quarter  server  revenue.  It  an¬ 
nounced  that  sales  dropped 
13%  year-over-year,  from  $11.6 
billion  to  $10.1  billion.  I 


So  many  network  applications. 
So  little  throughput. 

It’s  time  for  Gigabit  to  the  desktop. 


The  surge  in  network  applications  has  caused  bottlenecks  on  desktops  everywhere.  The  solution?  Help  your 
organization  tackle  all  those  network  backups,  remote  software  distributions  and  massive  file  downloads  by 
providing  an  equally  massive  increase  in  throughput.  With  the  Intel®  PRO/IOOO  MT  Desktop  Connection, 
you’ll  benefit  from  10  times  the  throughput.  Other  advantages:  a  Gigabit  connection  works  on  an  existing 
10/100  Mbps  Cat-5  network,  and  will  seamlessly  ramp  up  to  1000  Mbps.  When  this  Gigabit  connection 
is  combined  with  the  Intel®  Pentium®  4  processor,  studies  have  demonstrated  a  significant  boost  in  desktop 
performance.  Intel,  the  leader  in  desktop  connections,  makes  multi-tasking  less  of  a  task  —  cost-effectively 
and  without  any  need  for  expensive  rewiring.  Intel®  PRO  Network  Connections.  The  intelligent  way  to  connect. 


intel. 

For  a  trial  kit,  product  and  test  information:  www.intel.com/go/desktopgig 
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Online  Training,  E-Business 
Integration  Yield  Big  Returns 

ROI  study  says  CRM  implementations 

among  toughest  for  achieving  payback 


BY  THOMAS  HOFFMAN 

NLINE  LEARNING 
and  e-business 
integration  proj¬ 
ects  are  deliver¬ 
ing  the  strongest 
returns  on  investment  for  com¬ 
panies,  while  customer  rela¬ 
tionship  management  (CRM), 
content  management  and  on¬ 
line  marketplace  efforts  are  at 


Acquisition  adds  to 
Tivoli  software  line 

BY  JAIKUMAR  VIJAYAN 

IBM’s  planned  purchase  of 
software  vendor  Access360 
should  significantly  improve 
the  security  capabilities  of  its 
Tivoli  product  line  and  poten¬ 
tially  change  the  character  of 
the  identity  management  mar¬ 
ket,  according  to  analysts. 

IBM  last  week  said  it  plans 
to  buy  Irvine,  Calif.-based  Ac- 
cess360,  which  develops  iden¬ 
tity  management  software,  for 
an  undisclosed  price. 

Upon  regulatory  approval  of 
the  deal,  which  is  expected 
next  month,  privately  held  Ac- 
cess360  will  join  IBM’s  $13  bil¬ 
lion  software  group.  Its  prod¬ 
ucts  will  become  part  of  the 
Tivoli  portfolio,  IBM’s  line  of 
IT  management  software. 

Access360’s  software  and 
services  are  aimed  at  helping 
large  companies  automate  the 
process  of  granting,  modifying 
or  revoking  user  access  rights 
to  various  applications  based 
on  roles  or  other  policies. 

The  deal  brings  new  work- 
flow  and  self-service  capabili¬ 
ties  to  IBM’s  aging  Tivoli  iden- 


the  bottom  of  the  list. 

Those  findings  are  part  of 
an  assessment  of  thousands  of 
IT  ROI  studies  that  Wellesley, 
Mass.-based  Nucleus  Research 
Inc.  has  done  for  users  such  as 
Aetna  Inc.,  Pfizer  Inc.,  British 
Telecommunications  PLC  and 
Lockheed  Martin  Corp. 

For  instance,  according  to 
Nucleus,  companies  that  imple- 


tity  manager  technology,  said 
Chris  King,  an  analyst  at  Meta 
Group  Inc.  in  Stamford,  Conn. 

“IBM  knows  this  is  a  hot 
market,  but  the  products  that 
it’s  had  have  been  trailing  for 
quite  some  time,”  King  said. 

For  example,  Tivoli’s  identi¬ 
ty  management  software  works 
only  within  the  Tivoli  frame¬ 
work,  which  makes  it  less  flexi¬ 
ble  than  many  rival  technolo¬ 
gies,  he  said.  By  purchasing 
Access360,  IBM  will  get  some 
of  the  best  technology  in  this 
market,  King  said. 

IBM’s  acquisition  comes  at  a 
time  when  demand  for  identity 
management  software  seems 
to  be  growing.  Framingham, 
Mass.-based  research  firm  IDC 
predicts  that  sales  of  security 
management  software,  which 


New  Identity 

What  Access360  brings  to 
IBM’s  Tivoli  portfolio: 

ENROLE:  Software  that  central¬ 
izes  control  over  user  access  rights 
based  on  policies  and  user  roles. 

PUBLIC  PROVISIONING 
INFRASTRUCTURE:  A  hosted 
identity  management  service  deliv¬ 
ered  jointly  with  VeriSign  Inc. 


ment  online  training  systems 
for  a  “modest”  five-  or  six-fig¬ 
ure  investment  typically  gener¬ 
ate  strong  financial  returns 
through  cost  reductions  in  areas 
such  as  travel,  human  resources 
overhead,  regulatory  compli¬ 
ance  and  customer  support. 

Ian  Campbell,  co-founder 
and  principal  analyst  at  the 
research  firm,  said  e-business 
integration  software  such  as 
Microsoft  Corp.’s  BizTalk  Serv¬ 
er  and  BEA  Systems  Inc.’s  Web- 
Logic  Integration  have  helped 
companies  leverage  existing 


includes  identity  management, 
will  grow  30%  annually,  from 
$550  million  in  2001  to  $2  bil¬ 
lion  in  2006. 

Driving  much  of  the  demand 
is  the  growing  need  within  cor¬ 
porations  to  manage  user  iden¬ 
tities  in  an  easier  and  more  cost- 
efficient  manner,  said  James 
Governor,  an  analyst  at  Illumi- 
nata  Inc.  in  Nashua,  N.H. 

Currently,  a  wide  variety  of 
point  products  is  available  to 
help  address  different  parts  of 
the  identity  management  prob¬ 
lem.  Companies  such  as  Neteg- 
rity  Inc.  in  Waltham,  Mass.,  sell 
Web  access  control  software. 
Directory  management  tech¬ 
nologies  are  available  from 
vendors  including  Oblix  Inc.  in 
Cupertino,  Calif.,  while  compa¬ 
nies  such  as  Courion  Corp.  in 
Framingham  have  developed 
password  reset  and  user  man¬ 
agement  technologies. 

“What  you  have  is  a  com¬ 
mon  pain  point  with  incredibly 
varied  solutions,”  said  Pete 
Lindstrom,  an  analyst  at  Hur- 
witz  Group  Inc.,  in  Framing¬ 
ham.  But  that  may  change,  he 
added,  as  more  vendors  offer  in¬ 
tegrated  identity-management 
suites  like  the  one  IBM  is  at¬ 
tempting  to  gain  with  its  pur¬ 
chase  of  Access360. 1 


investments  in  their  IT  infra¬ 
structures  through  both  inter¬ 
nal  links  and  business-to-busi- 
ness  connections. 

Many  of  the  returns  from 
such  projects  result  from  a 
streamlining  of  data  flows  be¬ 
tween  applications  and  access 
to  a  broader  set  of  information 
for  end  users,  according  to  the 
Nucleus  assessment,  which  is 
due  to  be  released  this  week. 

“I  could  see  where  e-busi- 
ness  integration  would  offer 
strong  results,  because  you’re 
streamlining  operations  and 
taking  out  redundancies,”  said 
Steve  McDowell,  information 
services  director  at  a  retire¬ 
ment  home  operator  in  the  Pa¬ 
cific  Northwest.  Fie  asked  that 
the  company  not  be  identified. 

On  the  other  end  of  the 
scale,  CRM  projects  typically 
fall  short  of  ROI  projections, 
Campbell  said.  Companies  of¬ 
ten  overbuy  the  amount  of 
CRM  applications  they  need, 
he  said.  And  business  require¬ 
ments  often  change  by  the  time 
multiyear  CRM  implementa¬ 
tions  are  completed,  he  added. 

The  CRM  findings  jibe  with 
the  experiences  of  Rick  Peltz, 
CIO  at  Marcus  &  Millichap 
Real  Estate  Investment  Broker¬ 
age  Co.  in  Encino,  Calif.,  but 
for  different  reasons  than  the 
ones  cited  by  Campbell.  Peltz 
said  he  has  witnessed  the 
shortcomings  of  CRM  systems 
at  both  Marcus  &  Millichap 
and  Bank  of  America  Corp. 

Six  years  ago,  when  Peltz 
was  working  in  IT  at  Bank  of 
America  prior  to  its  merger 
with  NationsBank,  the  com¬ 
pany  deployed  a  CRM  system 
aimed  at  sharing  client  infor¬ 
mation  throughout  its  North 
American  wholesale  banking 
division.  However,  Peltz  said, 
the  system  “went  belly  up” 
eight  months  after  going  live. 
“No  one  used  it,”  he  said. 
“When  you’re  dealing  with 
salespeople  and  agents,  their 
client  list  is  their  lifeline.” 

That  also  helps  explain  why 


ROI  Leaders 
And  Laggards 

THE  TOP  PERFORMERS 
E-business  integration  tools: 

Can  reduce  costs,  increase  corpo¬ 
rate  performance  and,  ultimately, 
generate  new  revenue  streams. 

E-leaming  systems:  Benefits 
include  reduced  costs  and  oper¬ 
ational  improvements  such  as 
increases  in  productivity. 


LESS  SUCCESSFUL 
Business-to-business  mar¬ 
ketplaces:  Have  produced  limit¬ 
ed  returns;  companies  would  have 
been  better  off  integrating  sys¬ 
tems  with  those  of  key  business 
partners. 

Monolithic  CRM  systems: 

Consulting  and  software  costs 
can  outweigh  financial  returns, 
and  a  long  deployment  process 
often  slows  payback. 

Stand-alone  content  manage¬ 
ment  tools:  Improved  functional¬ 
ity  in  Web  server  and  portal  soft¬ 
ware  reduces  the  financial  appeal 
of  stand-alone  products. 

SOURCE:  NUCLEUS  RESEARCH  INC.. 
WELLESLEY.  MASS. 


Marcus  &  Millichap’s  650 
agents  have  resisted  overtures 
made  by  Peltz  and  his  team  to 
install  a  nationwide  CRM  sys¬ 
tem  for  sharing  information 
about  their  clients,  he  said. 

Many  stand-alone  content 
management  systems  also  fail 
to  generate  strong  returns,  ac¬ 
cording  to  the  Nucleus  report. 
Content  portals  and  applica¬ 
tions  that  are  narrowly  focused 
and  tightly  integrated  with 
other  systems  are  more  likely 
to  yield  returns,  Campbell  said. 

For  Jim  Albin,  CIO  at  Mercy 
Health  Partners  of  Western 
Toldedo  in  Ohio,  any  content 
management  project  has  to  be 
focused  on  business  processes. 

“The  things  that  alter  work¬ 
flows  and  improve  the  process 
downstream  are  the  true  ROI 
generators,”  not  the  technol¬ 
ogy  itself,  he  said.  I 


PAYBACK  TIME 

For  more  on  IT  return-on-investment  issues, 
go  to  our  ROI  Knowledge  Center: 

QuickLink  k2340 
www.computerworld.com 


IBM  Expands  Identity  Management  Tools 


You're  an  IT  professional,  not  the  Internet  police. 

Give  the  cop  routine  a  rest.  Manage,  don't  just  monitor  corporate  Internet  activity  with  Websense  Enterprise  Web  filtering 
software.  No  more  watching  over  shoulders  or  online  patrolling.  Websense  puts  the  highest  quality,  leak-free  database  to  work 
for  you.  It's  more  accurate,  reliable  and  comprehensive  with  automated  daily  updates,  including  more  than  5,000  site  additions 
per  day.  That's  why  more  than  half  the  Fortune  500  trust  Websense  to  manage  employee  online  activity.  You  can  too. 
Get  Websense.  And  save  your  badge  for  when  you  really  need  it. 


Download  your  free,  fully  functional  30-day  trial  today  at  www.websense.com. 


EMPLOYEE  INTERNET  MANAGEMENT 

NASDAQ:  WBSN 
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Utility-based  Deal  Cuts 
Tennis  Group’s  IT  Costs 


BRIEFS 


Microsoft  Warns  of 
Windows,  Mac  Holes 

Microsoft  Corp.  has  begun  releasing 
a  series  of  software  patches  de¬ 
signed  to  plug  a  security  hole  in  all 
of  its  current  Windows  releases  that 
could  let  attackers  issue  bogus  digi¬ 
tal  certificates.  The  flaw  also  af¬ 
fects  the  Macintosh  versions  of  Of¬ 
fice,  Internet  Explorer  and  Outlook 
Express.  Microsoft  gave  the  vulner¬ 
ability  its  highest  severity  rating  and 
urged  IT  managers  to  install  the 
patches  as  soon  as  possible. 

Cisco  Finds  Security 
Flaws  in  VPN  Tools 

Cisco  Systems  Inc.  issued  a  pair  of 
security  advisories  warning  users 
about  multiple  vulnerabilities  in  its 
VPN  3000  line  of  virtual  private 
network  (VPN)  concentrators  and 
its  VPN  Client  software.  Cisco  said 
it  has  released  updated  versions  of 
the  products  that  address  the  flaws. 
It  also  detailed  work-arounds  that 
can  mitigate  some  of  the  problems. 

Intel  Sells  Off  Network 
Management  Tools 

Intel  Corp.  said  it  has  agreed  to  spin 
off  its  LANDesk  line  of  network 
management  tools  into  a  new  com¬ 
pany  that  will  be  funded  mainly  by 
two  venture  capital  firms.  Intel  plans 
to  keep  a  minority  ownership  stake 
in  the  LANDesk  business,  which  will 
be  based  in  the  Salt  Lake  City  area. 
Intel  also  lowered  its  third-quarter 
revenue  forecast  slightly,  citing 
weak  microprocessor  sales. 

Short  Takes 

NOVELL  INC.  announced  that  it  has 
cut  the  cost  of  licensing  fees  for 
companies  and  government  agen¬ 
cies  that  use  its  software  to  offer 
internet-based  services  to  con¬ 
sumers.  . . .  HEWLETT-PACKARD 
CO.  released  new  processors  and 
an  operating  system  update  for  its 
HP  e3000  server  line,  which  is  due 
to  be  discontinued  in  October  2003. 


IBM  ties  U.S.  Open 
Web  site  service 
fees  to  daily  usage 


BY  THOMAS  HOFFMAN 

FLUSHING  MEADOW.  N  Y. 

T  THIS  YEAR’S 
U.S.  Open  tennis 
tournament  here, 
the  organization 
that  governs  the 
sport  in  the  U.S.  tried  to  ace 
out  high  IT  costs  by  joining  the 
burgeoning  move  toward  utili¬ 
ty-based  computing. 

The  United  States  Tennis 
Association  (USTA)  struc¬ 
tured  a  utility-based  contract 
with  IBM  to  cover  the  opera¬ 
tion  of  its  www.usopen.org 
Web  site  during  the  tourna¬ 
ment,  which  was  scheduled  to 
conclude  yesterday.  Under  the 
contract,  the  USTA  will  pay 
IBM  for  Web  hosting,  content 
caching  and  Web-site  perfor¬ 
mance  measurement  services 
based  on  its  average  utilization 
over  a  24-hour  period. 

The  deal  was  set  up  to  help 
the  USTA  handle  surges  in 
Web  site  traffic  at  a  reasonable 
cost  level,  said  Ezra  Kucharz, 
managing  director  of  advanced 
media  at  the  White  Plains, 
N.Y. -based  USTA.  The  associa¬ 
tion  typically  has  to  increase 
its  online  capacity  50-fold  to 
meet  the  demand  for  informa¬ 
tion  during  the  two-week  tour¬ 
nament,  according  to  Kucharz. 

Cost-Effective  Model 

Switching  to  the  utility- 
based  approach  was  “definitely 
a  more  cost-effective  model  for 
us,”  he  said.  “It  wouldn’t  make 
sense  for  us  to  invest  in  [new 
technology  for]  a  two-week 
event  on  an  annual  basis.” 

IBM  and  the  USTA  didn’t 
disclose  the  financial  details  of 
the  contract.  Dev  Mukherjee, 
vice  president  of  strategy  and 
marketing  for  IBM’s  E-Busi¬ 
ness  Services  on  Demand 
group,  said  only  that  the  deal 


was  “a  customized  agreement.” 

But  utility-based  computing 
isn’t  just  restricted  to  niche  ap¬ 
plications  such  as  annual 
sporting  events.  For  example, 
IBM  also  provides  computing- 
on-demand  services  to  large 
corporate  users  such  as  Ameri¬ 
can  Express  Co.,  Saks  Inc.  and 
The  Dow  Chemical  Co. 

In  the  seven-year,  $4  billion 
outsourcing  and  IT  services 
agreement  it  signed  with  New 
York-based  Amex  in  February, 
IBM  is  supplying  mainframes, 
storage  and  other  processing 
resources,  as  well  as  technical 
support,  on  an  as-needed  basis 
[QuickLink  27619]. 

IBM  rivals  such  as  Plano, 
Texas-based  Electronic  Data 
Systems  Corp.  are  also  offering 
pay-as-you-go  approaches  to 
IT  services.  Utility-based  com¬ 
puting  “might  be  in  its  infancy, 


Multipath  I/O  links 
servers  to  disk  arrays 

BY  LUCAS  MEARIAN 

Microsoft  Corp.  last  week  an¬ 
nounced  storage  management 
software  that  will  let  systems 
running  Windows  2000  Server 
and  Windows  .Net 
Server  2003  communi¬ 
cate  with  storage  arrays 
across  multiple  devices 
supported  by  more 
than  a  dozen  leading  vendors. 

Microsoft’s  Multipath  I/O 
technology  will  ship  as  a  de¬ 
vice  development  kit  to  third- 
party  partners  such  as  EMC 
Corp.,  Hitachi  Ltd.,  Hewlett- 
Packard  Co.,  Network  Appli¬ 
ance  Inc.  and  Veritas  Software 
Corp.  Microsoft  said  the  tech¬ 
nology  allows  more  than  one 
physical  path  to  be  used  to  ac¬ 
cess  storage  devices,  providing 
improved  system  reliability 
via  fault  tolerance  and  load 
balancing  of  I/O  traffic. 


but  it  makes  a  great  deal  of 
sense,”  said  Jeremy  Grigg,  a 
Gartner  Inc.  analyst  who 
works  in  New  York.  That  could 
lead  to  “a  significant  transfor¬ 
mation  in  the  delivery  of  com¬ 
modity  services  in  the  future,” 
Grigg  added. 

In  the  case  of  the  USTA,  IBM 
has  managed  the  U.S.  Open’s 
Web  site  and  scoring  system 
for  the  past  seven  years.  The 
USTA  runs  its  own  Web 
servers  11  months  per  year,  but 
it  turns  them  over  to  IBM  just 
prior  to  the  tournament,  said 
IBM  executive  Edward  Curry. 

IBM  moves  portions  of  the 
USTA’s  content-serving  work¬ 
load  onto  its  Intel-based  Net- 
finity  servers,  which  cache  the 
information  at  peripheral  net¬ 
work  points  to  enable  efficient 
content  processing.  During 
peak  demand  times,  load  bal- 


Multipath  I/O  is  due  to  ship 
by  year’s  end  with  both  Win¬ 
dows  2000  and  Windows  .Net 
Server  2003,  which  is  sched¬ 
uled  for  release  then  as  well. 

Anders  Lofgren,  an  analyst 
at  Giga  Information  Group  Inc. 
in  Cambridge,  Mass.,  said 
Microsoft’s  venture  into  stor¬ 
age  software  is  a  welcome  de¬ 
velopment. 

“It  should  ease  inte¬ 
gration  issues  in  terms 
of  providing  high  avail¬ 
ability  and  functionali¬ 
ty  through  multipathing  for 
Windows  environments,”  Lof¬ 
gren  said.  “Anything  that  can  be 
done  to  improve  in  that  area  is 
a  good  thing.” 

More  than  a  dozen  vendors 
have  committed  to  developing 
products  that  will  use  Multi- 
path  I/O  to  deliver  capabilities 
such  as  fail-over,  load  balanc¬ 
ing  and  interoperability  with 
third-party  storage  products 
such  as  host  bus  adapters  and 
RAID  arrays,  Microsoft  said. 

Rakesh  Narasimhan,  general 


The  USTA’s  pay-as-you-go  pact 
makes  handling  traffic  spikes  to 
its  Web  site  more  cost-effective. 

ancing  between  distributed 
IBM  RS/6000  SP  servers  and 
Intel-based  xSeries  boxes  run¬ 
ning  Linux  helps  partition  pro¬ 
cessing  requests,  IBM  said. 

Kucharz  wouldn’t  quantify 
the  amount  of  traffic  the  Web 
site  was  experiencing  for  this 
year’s  tournament,  but  he  said  it 
was  up  from  last  year,  when  the 
site  had  nearly  11  million  user 
visits  and  served  more  than  172 
million  pages  of  information.  I 


manager  of  strategic  partner¬ 
ships  at  Microsoft,  said  storage 
vendors  that  use  the  technolo¬ 
gy  can  expose  the  different  be¬ 
haviors  of  their  hardware 
through  an  application  pro¬ 
gramming  interface  and  deliv¬ 
er  the  I/O  software  through  it. 

“It’s  a  standards  and  interop¬ 
erability  path  between  them 
and  us.  On  Windows,  we  can 
guarantee  a  level  of  service 
with  their  products,”  he  said. 

However,  others  criticized 
the  software  because  it  works 
only  with  Microsoft’s  operat¬ 
ing  systems. 

“It’s  a  wonderful  start  as 
they  try  to  get  into  storage  big 
time,  but  they  have  some  chal¬ 
lenges  because  ...  it  doesn’t 
address  the  non-Windows 
platforms,”  said  Bob  Zimmer¬ 
man,  an  analyst  at  Giga.  “No 
one’s  a  true-blue  IBM  shop  or 
Microsoft  shop  anymore.”  I 

MORE  THB  ISSUE 

For  more  about  storage  management,  see 
related  story  on  page  21. 


Microsoft  Plans  Storage  Management  Software 
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Muted  NetWorld+Interop 
Lacks  Major  Rollouts 


Networking  industry  downturn,  Sept.  11 

anniversary  weigh  on  trade  show 


AT  A  GLANCE 


BY  MATT  HAMBLEN 

HE  NETWORLD+ 

Interop  Atlanta 
2002  trade  show  is 
scheduled  to  open 
today  amid  linger¬ 
ing  worries  about  the  financial 
health  of  the  networking  in¬ 
dustry  and  some  jitters  about 
physical  security  issues  during 
the  first  anniversary  of  the 
Sept.  11  terrorist  attacks. 

The  crowds  and  the  number 
of  exhibitors’  booths  will  be 
down  from  previous  fall  N+I 
shows,  vendors  and  confer¬ 
ence  sponsors  said  last  week. 
But,  they  added,  the  attendees 
who  do  show  up  are  expected 
to  be  qualified  IT  executives 
who  control  their  companies’ 
spending  budgets,  rather  than 
lower-level  IT  workers. 

“My  hope  is  for  a  strong  re¬ 
gional  attendance  and  not  em¬ 
barrassingly  small  crowds,  but 
I  think  conference  attendance 
generally  is  going  to  start  drift¬ 
ing  back  up”  after  more  than  a 


year  of  declines  at  various 
events,  said  Craig  Mathias,  an 
analyst  at  Farpoint  Group  in 
Ashland,  Mass.,  and  a  sched¬ 
uled  N+I  speaker. 

The  hottest  areas  of  empha¬ 
sis  will  be  network  security 
and  wireless  networking,  said 
show  organizers.  However,  few 
of  the  big-name  networking 
vendors  plan  to  announce  ma¬ 
jor  new  products  at  N+I. 

For  example,  Cisco  Systems 
Inc.  won’t  have  a  corporate 
presence  at  the  conference;  in¬ 
stead,  its  booth  will  be  limited 
to  its  businesses  in  the  Atlanta 
region,  and  a  spokesman  said 
the  company  won’t  introduce 
any  products  or  services. 

Computer  Associates  Inter¬ 
national  Inc.  is  among  the  200 
or  so  N+I  exhibitors.  Although 
the  company  was  listed  by 
show  sponsor  NetWorld+In¬ 
terop  Worldwide  as  planning 
to  unveil  several  products,  a 
spokeswoman  for  Islandia,  N.Y.- 
based  CA  said  that  isn’t  the  case. 


N+I  Atlanta 
2002  Details 

Expected  attendance:  20.000  to 
30,000  attendees  and  200  exhibitors 

Major  technology  themes:  Security, 
wireless  networks,  voice  over  IP  tech¬ 
nology,  storage 

Keynotes  speakers  (all  on  Tuesday): 

Ronald  LeMay,  president  of  Sprint  Corp,; 
Bobby  Johnson,  president  and  CEO  of 
Foundry  Networks  Inc.;  Robert  Shaner, 
president  of  Cinguiar  Wireless 

Meanwhile,  struggling  ven¬ 
dors  such  as  Lucent  Technolo¬ 
gies  Inc.  in  Murray  Hill,  N.J.,  and 
Nortel  Networks  Ltd.  in  Bramp¬ 
ton,  Ontario,  are  sending  only 
speakers  to  the  conference.  A 
Nortel  spokesman  said  the  com¬ 
pany  tends  to  emphasize  the 
spring  N+I  show  in  Las  Vegas. 

Sprint  Corp.  is  one  of  the  few 
major  telecommunications  car¬ 
riers  scheduled  to  have  a  booth 
at  this  week’s  event.  In  recent 
years,  the  fall  N+I  show  has 
been  a  good  place  to  meet  en¬ 
terprise  IT  buyers,  said  Barry 
Tishart,  director  of  data  prod¬ 
uct  management  at  Sprint, 
which  will  demonstrate  some 


IP-based  network  services  that 
it  unveiled  earlier  this  year.  But 
the  likely  turnout  at  this  week’s 
conference  “is  a  million-dollar 
question,”  Tishart  added. 

Valerie  Williamson,  presi¬ 
dent  of  Foster  City,  Calif.-based 
NetWorld+Interop  Worldwide, 
a  subsidiary  of  KeySMedia 
Group  Inc.  in  Los  Angeles,  said 
she  expects  20,000  to  30,000 
people  to  attend  the  confer¬ 
ence.  Last  year’s  Atlanta  show 
opened  on  Sept.  11  and  drew  a 
total  of  about  20,000  attendees. 

A  special  Comdex  Atlanta  is 
being  combined  with  N+I  this 
year  in  an  attempt  to  bring  in 
developers  and  IT  executives 
beyond  the  usual  network 
managers,  Williamson  said. 
Comdex  Fall  will  be  held  in  Las 
Vegas  in  November. 

Evan  Sohn,  vice  president  of 
marketing  at  ReefEdge  Inc.  in 
Fort  Lee,  N.J.,  said  the  company 
plans  to  staff  a  booth  at  the 
show  and  announce  wireless 
LAN  management  software 
(see  story  at  right).  “No  doubt 
9/11  will  impact  attendance, 
but  it’s  still  worth  going  for  us 
to  generate  business,  have  one- 
on-one  meetings  and  support 
our  partners,”  Sohn  said.  I 

CONNECTION  MADE 

For  more  networking  coverage,  visit  our 
Knowledge  Center: 

QuickUnk:  k12Q0 
www.computerworld.com 


WorldCom  Broadens  Its  VPN  Services 


Adds  support  for 

Cisco  routers 


BY  MATT  HAMBLEN 

WorldCom  Inc.  last  week  an¬ 
nounced  a  series  of  additions 
to  its  global  virtual  private  net¬ 
work  (VPN)  offerings,  includ¬ 
ing  an  IP-based  VPN  service 
that  uses  routers  made  by  Cis¬ 
co  Systems  Inc. 

The  new  capabilities  include 
a  service  that  provides  access  to 
frame-relay  networks  via  World- 
Corn’s  IP-based  UUnet  net¬ 
work,  plus  Ethernet  and  Digital 
Subscriber  Line  (DSL)  access 
options  for  VPN  users. 


Such  services  were  designed 
to  widen  the  VPN  choices 
available  to  the  struggling 
company’s  customers,  said  Jim 
DeMerlis,  vice  president  of 
product  management  at  World¬ 
Com.  “There  is  no  such  thing 
as  a  one-size-fits-all  VPN,” 
DeMerlis  said. 

Service  Expansion 

The  Cisco-based  IP  VPN  is 
available  immediately  in  the 
U.S.  for  a  monthly  fee  of  $1,895 
per  site  for  a  T1  link.  World¬ 
Com  has  been  offering  an  IP 
VPN  service  that  uses  routers 
made  by  Lucent  Technologies 
Inc.  for  the  past  three  years. 
But  DeMerlis  said  the  Cisco 


technology  should  expand  the 
service  into  more  applications. 

Daniel  Mittler,  director  of 
technology  and  systems  at 
Realm  Business  Solutions  Inc., 
said  the  developer  of  applica¬ 
tions  for  real  estate  agents  has 
been  using  WorldCom’s  IP 
VPN  service  on  Lucent  routers 
since  March.  Using  the  VPN 
instead  of  frame-relay  connec¬ 
tions  lowered  Realm’s  monthly 
network  costs  from  $45,000  to 
$12,000,  according  to  Mittler. 

Mittler  said  it  might  make 
sense  for  Realm  to  switch  to 
the  Cisco  routers,  since  Realm 
is  primarily  a  Cisco  shop.  But 
he  said  there’s  no  urgent  need 
to  change  the  VPN  at  the  com¬ 


pany,  which  is  moving  its  head¬ 
quarters  from  New  York  to  Dal¬ 
las  at  the  end  of  next  month. 

Mittler  said  he’s  pleased 
with  WorldCom’s  service  lev¬ 
els,  despite  the  network  opera¬ 
tor’s  financial  difficulties  and 
Chapter  11  bankruptcy  protec¬ 
tion  filing.  “They  won’t  turn 
down  the  lights,”  he  said. 

Realm  used  the  former  Exo¬ 
dus  Communications  Inc.  as  a 
network  service  provider  until 
that  company  filed  for  bank¬ 
ruptcy  protection  last  fall  and 
sold  most  of  its  assets  to  Cable 
&  Wireless  PLC.  Although 
WorldCom  has  also  filed  for 
Chapter  11,  Mittler  said  his 
experience  with  the  events  at 
Exodus  has  made  him  less 
anxious  because  Realm  wasn’t 
hit  by  any  service  disruptions 
before  changing  carriers.  I 
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Some  Vendors 
Plan  N+I 
Announcements 

Even  though  many  vendors  are 
worried  that  NetWorld+Interop 
Atlanta  2002  might  be  light  on 
attendees,  the  following  net¬ 
working  equipment  makers  and 
network  operators  plan  to  an¬ 
nounce  products  and  services 
at  the  conference; 

■  In  conjunction  with  Boulder, 
Colo.-based  SpectraLink 
Corp.,  Fort  Lee,  N.J.-based 
ReefEdge  Inc.  plans  to  introduce 
Version  3.0  of  its  ReefEdge 
Connect  system  for  security  and 
management  of  wireless  LANs. 
The  upgrade  will  add  support  for 
managing  SpectraLink’s  line  of 
802.11x-based  wireless  phones, 
ReefEdge  said. 

■  Hoitsville,  N.Y.-based  Sym¬ 
bol  Technologies  Inc.  will 
formally  announce  its  Mobius 
WLAN  architecture,  which  puts 
wireless  LAN  security  and  man¬ 
agement  capabilities  on  a  central 
switch  instead  of  on  individual 
wireless  access  points  [Quick- 
Link  32531], 

■  Proxim  Corp.  in  Sunny¬ 
vale,  Calif.,  will  demonstrate  a 
$249  kit  it  announced  last  week 
to  upgrade  802.Hb  wireless 
networks  to  include  support  for 
the  newer  and  faster  802.11a 
technology. 

Proxim  also  unveiled  Tsunami 
QuickBridge,  an  outdoor  wire¬ 
less  bridge  that  uses  the  5.8- 
GHz  band  to  connect  two  build¬ 
ings  up  to  six  miles  apart  as  a 
quick  replacement  for  a  T1  or 
leased  line.  Tsunami  models 
range  in  price  from  $3,500  to 
$5,500. 

■  Amsterdam-based  Equant 
NW  said  it  will  announce  a  man¬ 
aged  service  that  provides  data, 
voice  and  video  capabilities  on 
iP-based  VPNs. 

Equant  won’t  have  a  booth  at 
NetWorld+Interop,  but  it  will  meet 
with  attendees  to  detail  its  global 
service,  which  uses  IP  ports  on 
Cisco  routers  to  segregate  data, 
voice  and  video  traffic  from  one 
another.  Equant  officials  said 
they  have  signed  up  10  compa¬ 
nies  to  use  the  service,  but  they 
wouldn’t  identify  any  of  them. 

-  Matt  Hamblen 
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"APC  PowerStruXure  allowed  us  to  buy 
less  up  front  and  gives  us  the  flexibility  of 
easy  future  expansion ...  I  enjoy  the  fact 
that  I  can  buy  only  what  I  need  now  and 
add  to  it  later  only 
when  I  need  to. " 

Michael  Touchstone 

Manager  of  Energy 
Conservation, 

Cox  Communications 
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Dell  Installs  Big  Cluster  of 
Servers,  Looks  at  Web  Sales 


Online  ordering  of  supercomputer-class 
systems  envisioned ,  but  plans  aren't  set 


BY  BOB  BREWIN 

ELL  COMPUTER 
Corp.  last  week 
announced  the 
installation  of  the 
second-largest 
server  cluster  sold  to  date  un¬ 
der  a  high-performance  com¬ 
puting  initiative  it  launched  in 
February.  And  Dell  executives 
said  users  will  eventually  be 
able  to  order  such  systems  via 
the  company’s  Web  site. 

The  Linux-based  cluster 
bought  for  the  State  University 
of  New  York’s  Buffalo  campus 
includes  about  2,000  of  Dell’s 
PowerEdge  servers,  with  a  com¬ 
bined  total  of  more  than  4,000 
Intel  processors.  The  system, 
valued  at  $13  million  to  $14  mil¬ 
lion,  is  supported  by  a  storage- 
area  network  with  more  than 
16TB  of  disk  storage  (see  box). 

The  clustered  supercomput¬ 
er  can  process  up  to  5.7  trillion 
floating-point  operations  per 
second  and  was  designed  for 
use  in  bioinformatics  research 
at  the  Buffalo  campus,  includ¬ 
ing  an  analysis  of  what  the  pro¬ 
teins  in  different  parts  of  the 
human  genome  do. 

Thus  far,  the  system  in¬ 
stalled  at  the  school  —  known 
officially  as  the  University  at 
Buffalo  —  is  surpassed  only  by 
a  cluster  that  Dell  sold  to  Paris- 
based  Compagnie  Generale  de 
Geophysique  for  analyzing  seis¬ 
mic  data  as  part  of  oil  ex¬ 
ploration  activities  [QuickLink 
30360],  That  cluster  was  re¬ 
cently  updated  to  include  4,096 
processors,  Dell  said. 

A  Stretch  for  Dell? 

Such  high-performance  clus¬ 
ters  are  seemingly  far  removed 
from  the  desktops,  laptops  and 
low-end  servers  for  which  Dell 
is  best  known.  But  Reza  Rooho- 
lamini  Dell’s  director  of  oper¬ 
ating  systems  and  clusters,  said 
the  day  will  come  when  the 


server  clusters  can  be  ordered 
via  the  Web. 

Rooholamini  didn’t  say  when 
that  is  likely  to  happen  and  con¬ 
ceded  that  a  cluster  “is  more 
complex  from  an 
ordering  standpoint 
than  a  notebook 
PC.”  But,  he  said,  “it 
basically  uses  the 
same  piece  parts  as 
our  servers.  We  are 
just  taking  these 
parts  and  building  blocks  and 
connecting  them  into  a  super¬ 
computer.” 

Michael  Dell,  the  company’s 
chairman  and  CEO,  made  a 


Pulls  together  info 
on  its  pricing,  but 
policies  unchanged 


BY  JORIS  EVERS 

As  promised,  Oracle  Corp.  last 
week  made  a  guide  to  its  soft¬ 
ware  licensing  policies  avail¬ 
able  on  its  Web  site  and  said 
the  40-page  document  should 
answer  up  to  90%  of  the  ques¬ 
tions  users  have  about  the 
company’s  pricing  models. 

The  Software  Investment 
Guide  doesn’t  include  any 
changes  to  Oracle’s  licensing 
plans  or  provide  information 
that  wasn’t  already  available, 
according  to  users  and  analysts 
who  reviewed  draft  versions. 
But  it  does  pull  together  licens¬ 
ing  details  that  were  previous¬ 
ly  found  in  various  documents. 

Tom  Wyatt,  president  of  the 
independent  Oracle  Applica- 


similar  point  during  an  inter¬ 
view  last  month  [QuickLink 
32329].  He  said  he  doesn’t  view 
the  clusters  as  being  much  dif¬ 
ferent  from  other  products. 
“All  technology  over  time  com¬ 
moditizes  at  its  simplest  level,” 
Dell  said. 

Mark  Melenovsky,  an  analyst 
at  Framingham,  Mass.-based 
IDC,  called  the  sale 
of  large-scale  clus¬ 
ter  computers  “the 
only  bright  spot  in 
the  server  market” 
this  year.  IDC  re¬ 
ported  two  weeks 
ago  that  total  world¬ 
wide  server  sales  fell  by  17% 
year  to  year  in  the  second 
quarter.  But  Melenovsky  said 
he  has  seen  a  boom  in  the  sale 
of  large  clusters  with  hundreds 


tions  Users  Group  in  Atlanta, 
said  the  guide  encompasses 
licensing  areas  that  were  cov¬ 
ered  by  “20  or  30”  separate 
documents  until  now. 

“It  provides  a  great  resource 
for  users  to  understand  the  ter¬ 
minology  of  software  pricing 
and  how  that  applies  to  an 
organization’s  structure,”  said 
Wyatt,  who  is  director  of  Ora¬ 
cle  systems  at  Sitel  Corp.,  a 
customer  service  outsourcing 
firm  in  Baltimore. 

Customer-Driven 

Oracle  first  announced  plans 
for  the  guide  at  its  European 
OracleWorld  conference  in 
June,  shortly  after  some  of  the 
company’s  licensing  policies 
were  criticized  by  users  and 
analysts  [QuickLink  30999]. 
Jacqueline  Woods,  Oracle’s  vice 
president  of  global  pricing  and 
licensing  strategy,  said  the  guide 
wasn’t  a  direct  response  to  the 
criticism,  but  she  added  that 


or  thousands  of  nodes. 

Nonetheless,  he  added  that 
it’s  “a  bit  of  a  stretch”  for  Dell 
to  believe  it  can  take  its  build- 
to-order  model  to  the  super¬ 
computer  level.  Melenovsky  in¬ 
stead  predicted  the  growth  of  a 
boutique  services  industry  to 
help  users  handle  the  complex 
ordering  and  installation  of 
large  clusters. 

A  spokeswoman  for  Dell 
wouldn’t  specify  how  many 
large  clusters  the  company  has 
sold  this  year.  But  she  said  Dell 
has  installed  “hundreds  of  clus¬ 
ters”  altogether,  including  at 
least  16  systems  that  each  have 
more  than  100  server  nodes. 

Jeffrey  Skolnick,  director  of 
the  Buffalo  Center  of  Excel¬ 
lence  in  Bioinformatics  at  the 
university,  said  his  team  of  re¬ 


customer  requests  prompted 
the  company  to  create  it. 

“Customers,  some  of  them, 
may  have  felt  that  we  were  not 
as  clear  as  we  should  have 
been,  and  we  felt  that  it  was 
important  to  provide  that  clar¬ 
ity,”  Woods  said.  “There  was  a 
sentiment  that  people  could 
not  find  the  information,  or  did 
not  know  where  it  was,  or 
thought  it  was  hard  to  get  to.” 

Jane  Disbrow,  a  Gartner  Inc. 
analyst  based  in  Columbus, 
Ga.,  said  the  draft  version  of 
the  guide  she  read  “was  pretty 
much  exactly  what  is  already 
available  on  the  Internet,  just 


I  appreciate  the 
opportunity  to 
not  have  to  talk 
to  a  salesperson. 

TOM  WYATT. 

PRESIDENT.  ORACLE 
APPLICATIONS  USERS  GROUP 


BOXES  AND  BOXES 

For  more  coverage  of  server 
technologies,  visit  our 
Hardware  Knowledge  Center: 

O  QuickLink  k2200 
computerworld.com 


Oracle  Releases  Software 
Licensing  Guide  for  Users 
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Big  Cluster 
On  Campus 

The  Dell  server  cluster 
installed  by  the  University 
at  Buffalo  includes  the  fol¬ 
lowing  technologies: 

■  More  than  2,000  Dell  Power- 
Edge  2650  and  PowerEdge 
1650  servers,  equipped  with 
more  than  4,000  Intel  chips 

■  Red  Hat’s  Linux  and  Platform 
Computing’s  LSF  5  cluster  work¬ 
load  management  software 

■  A 16TB  storage-area 

network  built  around  EMC 
storage  devices  and  Extreme 
Networks’  BlackDiamond  I/O 
switches 

searchers  will  use  the  cluster 
installed  on  the  Buffalo  cam¬ 
pus  to  conduct  research  work 
that  could  eventually  lead  to 
the  development  of  drugs  for 
combating  cancer,  Alzheimer’s 
disease  and  AIDS.  I 


that  it  is  now  in  one  document 
that  you  can  print  out.” 

Though  the  guide  gives  users 
a  high-level  overview  of  Ora¬ 
cle’s  pricing  policies,  IT  man¬ 
agers  “won’t  be  able  to  deter¬ 
mine  what  the  best  way  would 
be  to  license  a  certain  [soft¬ 
ware]  environment  by  just 
reading  the  guide,”  Disbrow 
said.  “There  are  no  secrets  in 
it,  no  surprises.” 

But  Wyatt  said  the  docu¬ 
ment  could  help  potential  cus¬ 
tomers  make  up  their  minds 
about  contracts  without  being 
led  by  Oracle’s  sales  force.  “I 
appreciate  the  opportunity  to 
not  have  to  talk  to  a  salesper¬ 
son,”  he  said.  “As  a  user,  I  can 
be  more  prepared  in  dealing 
with  my  salesperson  and  po¬ 
tentially  purchasing  licenses 
through  the  Internet.” 

Wyatt  had  only  one  sugges¬ 
tion  for  Oracle:  Update  the 
guide  as  needed  so  it  keeps  its 
value  to  users.  “The  document 
should  not  become  stale,”  he 
said.  “If  it  is  going  to  be  an  end- 
user  tool,  it  is  important  that  it 
is  continuously  updated.”  I 


Evers  writes  for  the  IDG  News 
Service. 
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Avaya  scores  with  one  of  the  world's 
largest  IP  Telephony  networks. 

Billions  watched  the  FIFA  World  Cup™  as  the  vital  voice 
and  data  from  the  world's  largest  sporting  event  was  sent 
over  one  of  the  world's  largest  converged  networks,  designed, 
built  and  maintained  by  Avaya.  Typically  a  12-month  project,  it 
was  completed  in  just  four,  and  saved  hundreds  of  thousands  of 
dollars  in  costs.  Our  IP  Telephony  solutions  handled  close  to  100,000 
IP  phone  calls  per  day  and  peak  data  traffic  four  times  that  of  a 
typical  FORTUNE  500 ®  company.  Working  with  international  partners 
and  20  venues  in  two  countries,  Avaya,  a  global  leader  in  voice  and  data 
networks,  delivered  a  practically  flawless  performance.  Utilizing  the  expertise 
of  our  Global  Services  organization  and  patented  Avaya  EXPERT  Systems 
diagnostic  tools,  99.999%  of  packets  were  transmitted  securely  and 
reliably —  with  virtually  zero  downtime.  See  what  Avaya  can  do  for  your  business. 
For  a  case  study  of  the  FIFA  World  Cup ™  network,  visit  avaya.com/nowtwo 
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With  Avaya,  you’re  already  this  close  to  IP  Telephony. 


Because  Avaya,  the  leader  in  voice  solutions,  has  opened  up  the  world  of  IP  Telephony  to  any 
business.  In  fact,  our  feature-rich  MultiVantage™  software  works  in  an  open  architecture.  This  allows  you 
to  utilize  your  existing  investment  in  both  Telephony  and  LAN  switches,  while  extending  Enterprise 
Class  IP  Solutions  to  anywhere  in  your  network.  So  you  get  the  flexibility  to  deploy  new  capabilities 
exactly  where  they're  needed  —  while  leveraging  your  current  network  and  applications  investments. 
To  begin  assessing  your  network,  contact  us  at  866-GO-AVAYA.  Or  learn  more  at  avaya.com/yes 
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CTO’s  Departure 
From  Veritas 
Continues  Spate 
Of  Exec  Changes 

BY  LUCAS  MEARIAN 

Veritas  Software  Corp.’s  chief  technol¬ 
ogy  officer  resigned  late  last  month, 
continuing  a  series  of  high-level  man¬ 
agement  changes  that  began  early  this 
year  at  the  storage  management  vendor. 

Analysts  said  nearly  a  dozen  execu¬ 
tives  have  left  Mountain  View,  Calif.- 
based  Veritas  during  the  past  six 
months.  In  the  same  time  frame,  the 
company  has  brought  in  several  new 
senior  managers  to  run 
its  product  and  marketing 
operations  and  its  merger 
and  acquisition  activities. 

The  dramatic  shift  in 
upper  management  fol¬ 
lows  a  $651  million  net 
loss  last  year  and  CEO 
Gary  Bloom’s  assumption  of  the  chair¬ 
man’s  position  in  January.  Bloom  took 
over  that  job  from  Mark  Leslie,  whom 
he  replaced  as  president  and  CEO  in 
November  2000. 

Veritas  officials  and  industry  analysts 
alike  described  the  overhaul  as  a  natur¬ 
al  result  of  the  ascension  of  Bloom,  a 
former  Oracle  Corp.  executive,  to  the 
top  three  jobs  at  the  company. 

“Seven  vice  presidents  left  in  one 
week  in  April,”  said  Michael  Peterson, 
an  analyst  at  Strategic  Research  Corp.,  a 
storage  management  market  research 
firm  in  Santa  Barbara,  Calif.  “This  is 
Gary’s  operating  style:  to  replace  Mark 
Leslie’s  executive  operating  team.” 

A  Veritas  spokesman  said  via  e-mail 
that  Bloom  has  brought  in  a  manage¬ 
ment  team  that  “he’s  very  confident 
with.”  New  members  include  Mark 
Bregman,  a  longtime  IBM  executive 
who  was  hired  by  Veritas  in  February  to 
oversee  product  operations,  and  Jere¬ 
my  Burton,  another  Oracle  veteran  who 
was  named  chief  marketing  officer  at 
Veritas  in  April  (see  box). 

Veritas,  one  of  the  biggest  vendors 
of  storage  management  software,  had 
$1.5  billion  in  revenue  last  year.  In  the 
wake  of  its  big  loss  for  2001,  the  com¬ 
pany  in  July  reported  a  net  profit  of 
$70.5  million  on  revenue  of  $735.1  mil¬ 
lion  for  the  first  half  of  this  year. 

The  management  overhaul  isn’t  a 


sign  that  Veritas  is  falling  apart,  accord¬ 
ing  to  Peterson.  “It’s  a  normal  transition 
that  occurs  when  you  change  top 
execs,”  he  said. 

But  Anders  Lofgren,  an  analyst  at 
Giga  Information  Group  Inc.  in  Cam¬ 
bridge,  Mass.,  said  Veritas  is  under 
more  pressure  from  competitors  such 
as  EMC  Corp.,  Sun  Microsystems  Inc., 
Mountain  View,  Calif. -based  Legato 
Systems  Inc.  and  even  Microsoft  Corp., 
which  last  week  announced  the  first  in 
a  promised  line  of  storage  management 
software  for  Windows  systems. 

“I  think  there’s  still  good  technology 
coming  out  of  Veritas,  but  they  are  feel¬ 
ing  the  heat  more  so  than  they  have  in 
the  past,”  Lofgren  said. 

The  latest  executive  to  leave  is  Paul 
Borrill,  who  said  he’s  stepping  down  as 
chief  technology  officer  at  Veritas  to 
start  his  own  company. 

“I  felt  like  I  wouldn’t  be  doing  any 
harm  to  Veritas  if  I  left  now,”  Borrill 
said.  “We  do  intend  to 
continue  to  have  a  strong 
relationship.” 

Borrill,  whose  last  day 
at  Veritas  was  Aug.  29, 
wouldn’t  disclose  details 
about  the  technology  that 
his  new  company  will 
focus  on  or  say  whether  Veritas  is  help¬ 
ing  to  fund  the  venture. 

Veritas  said  a  permanent  replace¬ 
ment  for  Borrill  hasn’t  been  named  yet. 
Fred  van  den  Bosch,  executive  vice 
president  of  product  strategy  and  new 
product  initiatives,  will  take  over  Bor- 
rill’s  job  responsibilities  for  now.  ► 


The  management  changes  at  Veritas 
include  the  following: 

WHO’S  IN? 


Mark  Bregman,  executive  vice  president 
of  product  operations,  including  engineering 
and  product  management 

Jeremy  Burton,  chief  marketing  officer 

Paul  DiNardo,  vice  president  of  corporate 
development 

WHO’S  OUT? _ 

Paul  Borrill,  chief  technology  officer 

Michael  Howard,  vice  president  and 
general  manager  of  the  company’s  Internet 
division 

Prashant  Dholakia,  senior  vice  president 
of  the  availability  products  group 

Neal  Ater,  senior  vice  president  of  the  data 
protection  products  group 


ST0RA6E  DOWNLOAD 

For  full  coverage  of  storage 
technology  and  issues,  head  to  our 
Storage  Knowledge  Center: 

OQuickLink  k1700 

www.computerworld.com 


IP  Telephony. 
Where  to  start? 


With  Avaya  Enterprise  Class 
IP  Solutions  (ECLIPS) 
featuring  MultiVantage 


Software,  start  anywhere 
in  your  network. 


S8700  Media  Server 


At  the  core. 

•  Delivers  up  to  99.999% 
reliability 

•  Scalable  from  20  to 
1  million  users 


At  the  edge. 


to 


Pocket  PCs 


•  Survivable  remote  location 

*  Standards-based  distributed 
architecture 
Cost-effective  option 


From  IP  Phones 


With  a  specific  workgroup. 

•  First  to  seamlessly  extend 
applications  to  cellular 

•  Takes  applications  to  remote 
and  mobile  workers  for 


To  begin  assessing  your  network,  contact  us  at 
866-GO-AVAYA.  Or  learn  more  at  avaya.com/yes 
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When  .NET  connected  software  helps  you  quickly  connect  islands  of  data  into  one  clear  picture  for  your  employees,  that’s 

one  degree  of  separation.  All  too  often,  data  critical  to  internal  decision-making  is  scattered  throughout  your  enterprise,  and  you  need  to 

i 

collect  and  present  it  in  a  way  that  makes  sense— quickly.  Microsoft®  SQL  Server™  2000  Enterprise  Edition  with  Analysis  Services  unifies  and 
analyzes  data  from  various  systems  using  Data  Mining  and  Data  Transformation  Services.  Analytics  built  into  Data  Analyzer  make  information 
available  immediately  to  the  employees  who  require  it,  in  a  way  that  makes  decision-making  easier  and  more  effective.  And  that’s  important, 
because  when  vital  decisions  are  put  off,  so  are  profits.  That’s  one  degree  of  separation.  That’s  business  intelligence  with  .NET.  Find  out  how 
.NET  connected  software  can  help  you  see  the  big  picture.  Go  to  microsoft.com/enterprise  Software  for  the  Agile  Business. 
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CompUSA  used  Microsoft  SQL  Server  2000  with  Analysis  Services  and  Data  Transformation  Services  to  extract  point-of-sale 
data  from  228  stores,  150  applications,  and  numerous  databases,  and  then  integrate  the  information  into  one  data  warehouse. 


Now,  not  only  are  employees  able  to  get  a  clearer  picture  of  the  business  at  large,  but  the 
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VPN/SECURITY 


OPTICAL  NETWORKING 


IP  COMMUNICATIONS 


CONTENT  NETWORKING 


STORAGE  NETWORKING 


WIRELESS  AND  MOBILE  OFFICE 


cisco.com/go/opticalnetworking 


Extend  your  existing  enterprise  network  infrastructure  to  reduce  equipment  and 
operating  costs.  Integrate  voice,  video,  data,  and  storage  applications  over  a  high 
+  capacity,  high  availability,  multiservice  optical  network  with  Cisco  COMET:  Complete 
Optical  Multiservice  Edge  Transport.  Cisco  COMET  provides  the  optical  foundation 


for  CISCO  AVVID.  With  Cisco  AVVID  enterprise  architecture,  you  can  do  all  this  without  any  disruption. This  standardized 
enterprise  architecture  allows  you  to  seamlessly  integrate  voice,  video,  wireless,  and  data  applications  on  a  single, 
scalable  network.  This  includes  new  and  existing  technologies  alike.  Whether  you're  building  your  enterprise  network 
or  extending  it  with  Cisco  Powered  Network  services,  take  advantage  of  the  tools  below  to  get  it  done  right. 
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Hershey  Upgrades  R/3  ERP  System  Without  Hitches 


BY  TODD  R.  WEISS 

Hershey  Foods  Corp.  ran  into  major 
problems  when  it  deployed  SAP  AG’s 
R/3  software  and  other  business  appli¬ 
cations  three  years  ago.  But  the  candy 
maker  had  better  luck  with  an  upgrade 
to  the  Web-enabled  version  of  R/3. 

Hershey  late  last  month  said  the  up¬ 
grade  of  its  enterprise  resource  plan¬ 
ning  (ERP)  system  to  R/3  4.6  was  com¬ 
pleted  20%  under  budget 
and  without  any  of  the  or¬ 
der  processing  and  prod¬ 
uct-shipment  disruptions 
that  marred  the  initial  $112 
million  rollout  in  1999.  The 
upgrade  began  in  July  2001 
and  was  finished  in  May, 
the  Hershey,  Pa.-based  company  said. 

Hershey  said  it  was  able  to  make 
more  than  30  improvements  to  its  core 
business  processes  within  60  days  of 
going  live  with  R/3  4.6,  which  is  part  of 
SAP’s  mySAP.com  product  line.  The 
company  cited  enhancements  such  as 
the  automation  of  pick-list  processing 
and  materials  management  invoice  ver¬ 
ification,  plus  credit  processing  for  dis¬ 
tributors  to  military  customers. 

Those  improvements  have  helped 
reduce  costs  and  speed  up  processing 
times,  Hershey  said  in  a  statement. 
The  company  added  that  it  has  also 
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“achieved  a  near-zero-defect  produc¬ 
tion  environment”  with  R/3  4.6  and  is 
using  SAP’s  business  analysis  tools  to 
measure  the  impact  of  sales  and  mar¬ 
keting  programs  as  they  happen. 

Hershey  officials  declined  to  com¬ 
ment  beyond  the  statement  issued 
about  the  upgrade.  In  the  statement,  Joe 
Zakutney,  director  of  the  SAP  upgrade 
program,  said  Hershey’s  IT  staff  was 
_  able  to  exceed  its  deliv¬ 
ery  commitments  for  the 
project  because  of  “strong 
program  management  and 
executive  leadership,  dili¬ 
gent  planning  and  .  .  . 
an  extensive  testing  and 
training  plan.” 

Joshua  Greenbaum,  an  analyst  at  En¬ 
terprise  Applications  Consulting  in 
Daly  City,  Calif.,  said  Hershey’s  experi¬ 
ences  illustrate  the  fact  that  most  trou¬ 
bled  ERP  rollouts  are  caused  by  project 
management  issues,  not  faulty  software. 

Despite  the  initial  problems,  Hershey 
stuck  with  R/3  because  it  recognized 
that  it  could  get  a  lot  of  business  value 
from  the  technology  “if  they  bothered 
to  do  it  right,”  Greenbaum  said. 

In  fall  2000,  Hershey  said  that  it  had 
fixed  most  of  the  initial  problems  with 
the  ERP  system. 

For  the  upgrade,  the  company  enlist¬ 


Bankrupt  Trucking  Company 
Spares  Half  of  IT  Staff  -  For  Now 


BY  LINDA  ROSENCRANCE 

Half  of  the  120  IT  workers  at  Consoli¬ 
dated  Freightways  Corp.  were  kept  on 
the  job  when  the  Vancouver,  Wash.- 
based  trucking  company  shut  down 
most  of  its  operations  last  week.  But  the 
reprieve  will  be  only  temporary. 

Consolidated  Freightways,  which 
plans  to  liquidate  its  assets  under  Chap¬ 
ter  11  bankruptcy  protection,  said  the 
remaining  IT  employees  are  needed  to 
support  key  technology  systems  that 
will  remain  operational  until  final  de¬ 
liveries  are  made  to  customers. 

For  example,  the  company  said  it  will 
continue  to  send  electronic  data  inter¬ 
change  transmissions  to  customers  and 
will  still  let  them  track  shipments  via  its 
Web  site.  A  secure  portion  of  the  Web 
site  will  also  continue  to  be  available  to 
customers,  the  company  added. 

Mike  Brown,  a  spokesman  for  Con¬ 


solidated  Freightways,  said  the  rest  of 
the  IT  staff  was  laid  off  last  week  as  part 
of  a  cutback  that  affected  about  12,400 
of  the  company’s  15,500  employees.  The 
company  hasn’t  yet  determined  how 
long  the  remaining  IT  workers  will 
keep  their  jobs,  Brown  said. 

However,  Consolidated  Freightways 
noted  that  all  the  employees  who  are 
still  on  its  payroll  will  be  phased  out  in 
an  “expeditious  shutdown.”  The  com¬ 
pany  said  that  it  doesn’t  have  the  finan¬ 
cial  resources  to  continue  operating. 

The  liquidation  process  will  include 
a  sell-off  of  Consolidated  Freightways’ 
technology  assets,  Brown  said. 

Despite  the  planned  shutdown,  the 
company  said  its  CFAirFreight  and 
Canadian  Freightways  Ltd.  subsidiaries 
will  continue  to  operate  as  stand-alone 
businesses.  Those  units  have  their  own 
IT  staffs,  Brown  said.  I 


ed  the  help  of  SAP  and  Accenture  Ltd. 

An  SAP  spokesman  acknowledged 
that  there  was  “some  pain  involved”  in 
Hershey’s  initial  installation.  “This  has 


often  been  a  case  that’s  cited  for  past 
troubles . . .  which  is  why  we’re  particu¬ 
larly  pleased”  about  the  upgrade 
process,  he  said.  > 

Reporter  Marc  L.  Songini  contributed 
to  this  story. 
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MARYFRAN  JOHNSON 

Once  Again,  IT  Responds 


HEN  WE  POSTED  our  Sept.  11 
aftermath  survey  on  Computer- 
world.com  a  few  weeks  ago,  I  had 
to  wonder  if  anyone  would  even 
respond.  There’s  such  a  feeling  of 


national  exhaustion  in 
the  air  as  we  approach 
this  dreaded  first  an¬ 
niversary.  As  beleaguered 
as  they  are  with  con¬ 
strained  budgets  and 
continuing  security  wor¬ 
ries,  would  IT  profes¬ 
sionals  be  willing  to  an¬ 
swer  yet  another  round 
of  questions  about  the 
ongoing  impact  of  9/11? 

Indeed  you  were,  and 
once  again,  you  respond¬ 
ed.  Some  2,620  of  you  —  both  man¬ 
agement  and  staff  —  generously  took 
the  time  to  give  us  feedback  about 
the  sorry  state  of  IT  spending  on  se¬ 
curity  today  (see  story,  page  6).  Only 
half  of  our  respondents  said  their 
companies  had  launched  new  proj¬ 
ects  to  improve  data  security  in  re¬ 
sponse  to  the  terrorist  attacks,  while 
41%  noted  that  nothing  had  changed. 

To  their  credit,  most  firms  (61%) 
were  managing  to  keep  other  IT 
projects  on  track,  regardless  of  the 
additional  security  demands,  al¬ 
though  a  substantial  23%  of  our  sam¬ 
ple  was  forced  to  cancel  or  postpone 
such  projects.  The  weighty  responsi¬ 
bility  of  keeping  business  networks 
and  data  safe  has  never  felt  heavier. 

“Initially,  there  was  a  great  fervor 
about  security  and  business  continu¬ 
ance,”  Meta  Group  analyst  Mark 
Shainman  told  our  reporter  Mark 
Hall.  But  those  good  intentions  be¬ 
gan  to  fade  in  the  face  of  recession¬ 
ary  budget  realities,  coupled  with 
the  hope  that  existing  security  plans 
would  provide  enough  protection. 

Perhaps  they  will.  But  it’s  a  more 
frightening  gamble  than  corporate 
America  is  usually  willing  to  take. 
Researchers  at  Gartner  estimated 
last  year  that  60%  of  U.S.  businesses 
—  particularly  those  that  rely  heavily 
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on  their  IT  infrastruc¬ 
tures  —  haven’t  spent 
enough  on  business  con¬ 
tinuity  or  disaster  recov¬ 
ery  to  guarantee  their 
own  survival.  And  in  an¬ 
other  poll  released  this 
month  by  CSO  magazine 
(a  new  sister  publication 
of  ours),  59%  of  1,000 
chief  security  officers 
said  electronic  attacks 
pose  a  much  bigger  con¬ 
cern  to  their  companies 
than  physical  ones. 

“Everyone  agrees  [security  is]  a 
big  issue,  but  there’s  no  budget  for  it 
and  you  still  have  to  deal  with  it,” 
said  one  of  our  survey  respondents. 
That  observation  neatly  summarizes 
the  situation  for  IT  as  fiscal  2003 
looms:  mounting  threats  and  mini¬ 
mal  resources. 

In  fact,  our  survey  showed  that 
those  who  have  been  spending  more 
money  on  security  are  mostly  drain¬ 
ing  the  cash  from  existing  IT  bud¬ 
gets  (28%)  rather  than  funding  it 


with  additional  monies  (16%)  or 
turning  to  sources  outside  of  IT 
(8%).  Jazzier  technologies  such  as 
biometrics  and  authentication  get 
short  shrift  on  the  shopping  list,  as 
security  spending  concentrates  on 
practicalities  such  as  additional  data 
security  and  backup. 

Indeed,  it  is  the  practical,  prob¬ 
lem-solving  nature  of  IT  pros  that 
continues  to  impress  us.  in  the  after- 
math  of  the  attacks  last  year,  our  of¬ 
fice  was  flooded  with  calls  from  IT 
people  volunteering  their  technical 
expertise  and  assistance.  During  the 
year  that  followed,  we’ve  written 
hundreds  of  stories  about  how  you 
have  all  continued  to  cope  with  new 
security  demands  and  old  budget 
problems. 

Throughout  this  issue,  in  this 
mournful  memorial  week,  you’ll  find 
another  dozen  stories  labeled 
“September  11:  IT  Responds.”  Some 
of  those  articles,  we  hope,  will  give 
you  fresh  ideas  to  consider  in  areas 
such  as  vulnerability  testing,  busi¬ 
ness  continuity,  disaster  prepared¬ 
ness  and  even  IT  contract  negotia¬ 
tion.  Others  provide  the  latest  news 
on  how  your  colleagues  in  IT  contin¬ 
ue,  as  always,  to  respond. 

And  in  case  no  one’s  said  this  to 
you  lately:  Thank  you  for  being 
there,  and  for  getting  the  job  done.  I 
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PIMM  FOX 

9/11  Prompts 
Paper  Chase 
Out  the  Door 

AS  THOUGHTS  TURN 
to  the  tragic  events  of 
last  September,  there 
are  lessons  to  cull  from  the 
wreckage  of  the  35th  and  36th 

floors  of  the  north  tower  of  the  World 
Trade  Center. 

This  was  the  site  of  Kemper  Casual¬ 
ty,  a  division  of  Kemper  Insurance. 

The  attack  cost  the  company  office 
space  for  225  employees  (all  of  whom 
were  safely  evacuated)  and  11  servers. 
The  employees  were  relocated  to  New 
Jersey  and  Long  Island,  N.Y.,  while 
trucks  loaded 
with  monitors, 
laptops,  servers 
and  phone 
switches  rum¬ 
bled  from  Kem¬ 
per’s  Chicago- 
area  facilities  to 
the  East  Coast  to 
augment  the 
firm’s  disaster 
recovery  efforts. 

The  emer¬ 
gency  plan  proved  workable,  with 
e-mail  restored  before  midnight  on  9/11 
and  all  data  from  applications  available 
within  48  hours. 

A  clear  success,  but  Kemper  was 
hardly  complacent  afterward. 

“Paper  is  difficult  to  replace,”  says 
Ron  Roecker,  CIO  at  Kemper  Casualty, 
“and  we  lost  a  lot  of  paper  that  day, 
and  that  had  a  big  effect  on  our  agents, 
brokers  and  customers.” 

That’s  why  Roecker  made  a  commit¬ 
ment  to  move  as  many  of  the  compa¬ 
ny’s  paper  files  to  a  digital  format 
within  a  content  management  system 
as  possible. 

“Everything  is  being  Web-based,” 
says  Roecker,  “including  our  internal 
applications;  it  makes  deployments  to 
dispersed  locations  easier.” 

To  reach  his  goal  of  removing  as 
much  paper  from  the  business  as  he 
can,  Roecker  has  moved  to  a  central¬ 
ized  IT  organization  because  it’s  easier 
to  manage  the  deployment  of  Web- 
based  applications.  He’ll  also  use  this 
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centralized  approach  to  control  what’s 
on  desktops. 

The  process  began  as  documents 
were  transferred  into  an  electronic  for¬ 
mat.  Then  Roecker  took  advantage  of 
content  management’s  collaborative 
possibilities. 

“When  we  did  the  analysis,  we  saw 
the  functionality  of  going  with  content 
management  as  a  way  to  build  a  collab¬ 
orative  environment,”  he  says.  He  cites 
the  scenario  of  an  underwriter  in  Chi¬ 
cago  working  with  an  underwriter  in 
New  York  by  phone  and  e-mail  rather 
than  faxing  documents  back  and  forth. 

“We  don’t  have  to  have  the  person  in 
Chicago  fax  a  thousand  pages  of  a  poli¬ 
cy  to  someone  in  New  York,”  Roecker 
says,  adding,  “There’s  a  workflow 
piece  that  comes  with  content  manag¬ 
er,”  referring  to  IBM’s  Content  Manag¬ 
er  technology. 

The  content  management  system 
also  produces  to-do  lists  that  are  sent 
to  users’  e-mail  boxes  with  specific  no¬ 
tations  so  agents  and  brokers  working 
on  common  files  can  follow  the  flow  of 
notes  and  comments.  And  unlike  sticky 
notes,  those  comments  can’t  get  lost. 

“Decision-making  times  are  squeezed 
down  from  weeks  to  hours,”  says 
Roecker.  “That’s  how  content  manage¬ 
ment  is  changing  things  in  the  insur¬ 
ance  business.”  > 

THORNTON  MAY 

Critical 
Thinking 
Fails  at  Dell 

Sometimes  companies 
can  do  things  so  well  for 
a  while  that  they  believe 
that  their  future  will  be  a  rep¬ 
etition  of  the  past.  History  is 

littered  with  the  carcasses  of  corpora¬ 
tions  that  believed  this. 

What  surprises  me  these  days  is  that 
Dell  Computer’s  latest  strategy  dem¬ 
onstrates  that  kind  of  very  limited  we- 
don’t-have-to-take-those-kinds-of- 
risks-anymore  conservatism.  I  sense  a 
lack  of  critical  thinking. 

This  is  a  pity.  Dell  is  a  smart  compa¬ 
ny.  Along  with  the  rest  of  the  industry, 

I  have  come  to  expect  truly  differenti¬ 
ated  and  innovative  strategic  thinking 
from  the  folks  in  Round  Rock,  Texas. 
However,  the  strategy-makers  at  Dell 
appear  to  have  started  to  believe  their 
own  press  clippings. 


This  failure  of  critical 
thinking  about  Dell’s  future 
isn’t  limited  to  the  people  in¬ 
side  the  company.  It  per¬ 
vades  the  entire  industry,  the 
press  and  academia.  Of  late, 

Dell  is  suffering  from  the 
same  they-can-do-no-wrong- 
the-world-belongs-to-them 
media  sycophancy  that  pre¬ 
cipitated  Enron’s  fall  from 
grace.  Meanwhile,  B-school 
professors  trot  out  lame  and 
oh-so-historical  supply  chain 
cases  showing  how  Dell’s  di¬ 
rect  model  is  eating  everyone’s  lunch. 

Of  course,  Dell  has  a  great  track 
record.  It  was  prescient  in  designing  its 
direct-to-consumer  model.  It  was  cour¬ 
ageous  in  avoiding  the  siren  song  of 
SAP’s  allegedly  integrated  software. 
And  it  was  absolutely  spot-on  in  creat¬ 
ing  a  second-to-none  customer  assis¬ 


tance/support  competency. 
However,  that  was  yester¬ 
day.  As  a  futurist  I  ask, 
What  about  tomorrow? 

Dell  has  stated  its  inten¬ 
tion  to  enter  three  markets 
by  the  end  of  the  year: 
printers,  handhelds  and  un¬ 
branded  PCs.  But  it’s  enter¬ 
ing  existing  markets,  not 
creating  them.  This  is  trag¬ 
ic.  Dell  is  bypassing  an  op¬ 
portunity  to  reignite  the  en¬ 
tire  technology  sector. 
Stealing  some  printer  sales 
from  Hewlett-Packard  and  pumping  out 
a  couple  more  Palms  isn’t  the  answer. 

I  see  three  monster  game-changing 
opportunities  looking  Dell  right  in  the 
face.  In  the  future,  the  big  money  for 
Dell  lies  not  in  selling  more  boxes  but 
in  selling  its  expertise  in  supply  chain 
efficiencies  and  direct-to-consumer 


competence.  If  I  were  Michael  Dell,  I 
would  go  to  the  industry  leader  in  each 
vertical  market  and  offer  to  streamline 
its  supply  chain  in  exchange  for  all  the 
gear  the  company  buys  and  a  piece  of 
the  equity  upside. 

Next,  I  would  have  some  sassy  infor¬ 
mation  architects  repackage  all  that 
“what  is  being  bought”  information 
that  aggregates  so  easily  from  the 
proper  operation  of  the  Dell  direct 
model  into  meaningful  top-of-the- 
house  briefing  nuggets. 

Finally,  I  would  take  the  Dell  direct 
model,  which  redefined  point-of-sale 
technology,  and  create  point-of-design 
systems.  Have  CTOs  log  on  and  create 
their  “fantasy  product  sets,”  then  link 
with  venture  capitalists  to  fund  and 
build  prototypes. 

The  question  is  not  whether  Dell  has 
a  future;  it’s  whether  that  future  is 
spelled  with  a  big  F  or  a  little  /.  I 
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Plainer  Than  Plain  English 

I  agree  with  Kathleen 
Melymuka’s  points  in  her 
article  “Failure  to  Com¬ 
municate”  [QuickLink 
31976],  however  her  “plain 
English”  translations  still 
contain  geekspeak.  Most 
business  people  will  not  un¬ 
derstand  terms  like  plug  and 
play  or  core.  Also,  the  expla¬ 
nation  of  VPN  isn’t  really 
understandable  unless  you 
understand  the  underlying 
principles,  which  business 
people  shouldn’t  have  to. 
Most  of  the  items  on  the  list 
are  at  too  detailed  a  level, 
and  an  IT  person  shouldn’t 
discuss  these  kinds  of  things 
with  a  business  person, 
whether  he’s  using  jargon  or 
plain  English.  Instead  of  us¬ 
ing  plain  English  to  describe 
what  a  proxy  server  is,  you 
should  just  say  we  need  to 
buy  some  additional  com¬ 
puters  so  we  can  get  faster 
access  to  the  Internet,  and 
leave  it  at  that. 

George  Alland 
Woodbury.  Minn. 


Easing  Software  Liability 

After  many  years  in 
the  software  field,  I 
don’t  believe  that  the 
suggestions  offered  by  Patri¬ 


cia  Keefe  in  her  editorial 
“Software  Insecurity”  would 
really  help  [QuickLink 
31815].  True,  there’s  a  lot  of 
buggy  software,  but  many 
software  companies  I  have 
worked  with  try  hard  to  re¬ 
duce  bugs  as  much  as  possi¬ 
ble.  Software  is  much  more 
complex  than  many  other 
products.  It  takes  too  much 
effort,  money  and  time  to  try 
all  the  millions  of  combina¬ 
tions  possible.  The  only 
folks  who  were  successful  in 
doing  so  to  some  extent 
were  proprietary  manufac¬ 
turers  in  the  ’70s  and  ’80s 
that  controlled  both  hard¬ 
ware  and  software. 

Trying  to  increase  soft¬ 
ware  product  liability  will 
end  up  costing  us  all  much 
more  than  the  bugs  we  have 
now.  Big  liability  require¬ 
ments  are  excellent  for  big 
vendors.  Their  smaller  com¬ 
petitors  can  then  be  easily 
crushed  financially.  Instead 
of  thousands  of  software 
vendors,  we  will  have  a 
handful.  Your  software  may 
work  better,  but  it  will  cost 
you  a  lot,  and  you  will  have 
to  wait  a  long  time  for  new 
features,  since  everything 
has  to  be  extensively  tested. 
Sanjay  Murthi 
SMGIobal  Inc. 

Cary,  N.C. 


Sold  on  Convergence 

In  his  article  “Conver¬ 
sation  Trumps  Conver¬ 
gence”  [QuickLink 
32209],  Michael  Gartenberg 
makes  the  same  mistake 
with  PDAs  and  phones  that 
Bill  Gates  did  with  the  640K 
memory  limit  and  that  early 
IT  purchasing  managers  did 
by  deciding  color  screens 
served  no  business  purpose: 
He  focuses  only  on  current 
uses  and  not  on  the  potential 
in  the  future.  Having  used  a 
combined  PDA/phone 
heavily  for  several  years  (the 
Nokia  9110,  not  sold  in  the 
U.S.),  I  find  that  most  of  my 
serious  PDA  use  involves 
the  cellular  connectedness 
and  telephone  integration  of 
the  device.  The  3,000-plus 
phone  numbers  in  my  ad¬ 
dress  book  are  instantly 
available  by  the  phone,  so  I 
rarely  have  to  dial  numbers 
or  receive  a  call  that  isn’t 
identified  by  name.  E-mail 
messages  and  attached  doc¬ 
uments  are  available  in  the 
PDA  for  reading  or  forward¬ 
ing.  Faxes  can  be  received 
and  stored  for  paperless  use 
anywhere.  Information  in 
e-mail  doesn’t  have  to  be 
copied  to  my  PDA  calendar 
or  address  book  —  it’s  al¬ 
ready  there.  Notes  taken  on 


the  PDA,  news  articles  and 
other  information  can  be 
e-mailed  or  faxed  in  one 
click.  Gartenberg  is,  of 
course,  correct  that  all  this 
functionality  could  be 
achieved  by  a  set  of  devices 
communicating  through 
Bluetooth  or  a  similar  proto¬ 
col.  But  that  raises  even 
more  complex  issues  in  in¬ 
terface  design,  protocol  de¬ 
sign  and  wireless  communi¬ 
cation  speed. I  suspect  that 
had  Gartenberg’s  research 
included  people  who  are  al¬ 
ready  using  convergence  de¬ 
vices,  he  would  find  that 
none  would  give  them  up  to 
return  to  primitive,  uncon¬ 
nected  PDAs. 

Bruce  Krulwich 
Chief  technology  officer 
Linguistic  Agents 
Jerusalem 

C0MPUTERW0RLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to  Jamie 
Eckle,  letters  editor.  Computerworld, 
P0  Box  9171, 500  Old  Connecticut 
Path,  Framingham,  Mass.  01701. 
Fax:(508)879-4843. 

E-mail:  letters@computerworld.com. 
Include  an  address  and  phone  num¬ 
ber  for  immediate  verification. 

For  more  current  letters  on  these  and 
other  topics,  go  online  to 

O  computerworld.com/letters 
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RELIABLE* 

ALTERNATIVE 

TO  HIGH-COST 
DATABASES. 

For  your  next  generation  of  applications, 
move  to  the  next  generation  of  database 
technology.  Cache  is  the  post-relational 
database  that  combines  high-performance 
SQL  for  faster  queries  and  an  advanced 
object  database  for  rapidly  storing  and 
accessing  objects. 

With  Cache’s  multidimensional  engine, 
your  future  applications  will  be  massively 
scalable  and  lightning  fast  -  and  they  won’t 
require  frequent  database  administration  or 
hardware  and  middleware  upgrades.  You’ll  get 
higher  performance,  at  lower  cost. 

Plus,  Cache  comes  with  a  powerful  Web 
application  development  environment  that  will 
dramatically  cut  the  time  required  to  build 
and  modify  your  applications. 

The  reliability  of  Cache  has  been  proven 
in  “life-or-death”  applications  at  the  world’s 
largest  hospitals.  With  high  reliability,  high 
performance  and  low  cost-of-ownership, 
you’ll  be  happier  with  Cache. 


With  its  minimal  requirements  for  database 
administration  and  hardware, 

Oracle  users  will  be  happier  with  Cache . 


We  are  InterSystems  -  a  specialist  in  data 
management  for  24  years,  providing  24x7 
support  to  4  million  users  in  88  countries. 

Cache  is  available  for  Windows,  OpenVMS, 
Linux  and  major  Unix  systems. 


InterSystems  f 

E  CACHE 

Make  Applications  Faster 

*So  Reliable,  It’s  The  World's 
Leading  Database  In  Healthcare 

Download  a  fully-functional  version  of  Cache  or  request  it  on  CD  for  free  at  www.lnterSystems.com/ reliable 


C  2002  InterSystems  Corporation.  A*  rights  reserved.  InterSystems  Cache  Is  a  registered  trademark  o(  InterSystems  Corporation.  Other  product 


are  trademarks  of  their  respective  vendors.  RriSAll 
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IT  FIGHTS  TERROR 

The  Los  Alamos  National  Labora¬ 
tory  is  focusing  its  considerable 
scientific  expertise  on  homeland 
defense  and  the  war  on  terrorism. 
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ASSESSING 

VULNERABILITY 

Since  Sept.  11,  IT  managers  have 
been  taking  steps  to  inventory 
their  applications  and  patch  vul¬ 
nerabilities.  While  software  tools 
can  automate  those  processes, 
they  can  also  add  complexity.  And 
most  don’t  help  with  the  patching 
and  repair  process.  Some  compa¬ 
nies  are  turning  to  assessment 
application  service  providers 
for  help.  PAGE  34 


DRIVING  STORAGE 
CONVERGENCE 

The  limitations  of  storage  network¬ 
ing  will  be  overcome  only  by  fully 
converged  SAN/NAS  network  stor¬ 
age,  says  Network  Appliance  CTO 
Steven  Kleiman.  PAGE  36 


SECURITY  JOURNAL 

Eliminating  rogue  wireless  LAN 
access  points  turns  out  to  be 
a  much  easier  task  for  security 
manager  Mathias  Thurman  than 
creating  policies  and  standards 
for  a  secure  WLAN  infrastructure. 
PAGE  38 


QUICKSTUDY 

Universal  Description,  Discovery 
and  Integration  is  an  XML-based, 
platform-independent,  Internet- 
accessible  registry  in  which  busi¬ 
nesses,  software  vendors  and  pro¬ 
grammers  can  describe  the  Web 
services  they  offer  and  provide 
links  on  how  to  use  them.  PAGE  40 


GARY  H.  ANTHES 

Metaphorically  Speaking 


ECHNO-ENTREPRENEUR  RAY  KURZWEIL  recently  bet  Lotus 
founder  Mitch  Kapor  $10,000  that  a  computer  will  pass  the 
Turing  test  before  2029.  British  computer  science  pioneer 
Alan  Turing  in  1950  said  that  if  a  human  interrogator,  com¬ 
municating  blindly  via  text  messages,  couldn’t  distinguish 


responses  from  a  human  from  those  of  a  computer, 
then  the  computer  could  be  deemed  to  have  human 
intelligence. 

Kurzweil  maintains  that  by  2029,  we  will  use  nano¬ 
scale  brain-scanning  technology  to  completely  map 
and  understand  how  the  brain  works  and  then  reverse- 
engineer  it  in  a  computer. 

But  Kapor  says  Kurzweil  is  making  a  dubious  as¬ 
sumption  —  that  the  brain  in  fact  works  like  a  com¬ 
puter,  albeit  a  very  complex  one.  Kapor  argues  that 
we  shouldn’t  engage  in  “distant  extrapolation”  of  the 
brain-as-computer  metaphor.  An  overreliance  on  bio¬ 
logical  metaphors  has  been  the  undoing  of  much  of 
artificial  intelligence,  he  says. 

Indeed,  we  have  used  concepts  from  biology  as 
computational  metaphors  ever  since  Aetna  Insurance 
installed  its  first  “electronic  brain”  (an  IBM  650)  in 
1954.  Such  metaphors  can  give  the  layman  a  shallow 
inkling  of  what’s  going  on.  But  computer  scientists 
and  application  developers  would  never  rely  on  them 
to  guide  their  work,  would  they? 

It  turns  out  researchers  are  increasingly  doing  just 
that.  Stephanie  Forrest,  a  computer  scientist  at  the 
University  of  New  Mexico,  is  building  systems  that 
can  detect  hacker  intrusions  by  imitating  the  human 
immune  system.  A  key  challenge  in  computer  secu¬ 
rity  is  determining  what  is  normal  behavior  and  what 
is  potentially  harmful  behavior  in  a  computer  or  net¬ 
work,  especially  when  threats  are  changing  regularly. 

Forrest’s  systems  automatically  “dis¬ 
cover”  what  is  normal  and  what  is  not,  just 
as  our  immune  systems  have  learned  to  do. 

Her  software  is  largely  self-maintaining 
and  doesn’t  require  updating  by  experts.  A 
computer  scientist  at  Los  Alamos  National 
Laboratory,  appointed  to  an  antiterrorism 
research  task  force  after  Sept.  11,  told  me 
the  technique  holds  great  promise  for 
homeland  security. 

Now  consider  the  ant.  Rather  than  rely¬ 
ing  on  complex,  centralized  logic,  systems 
that  mimic  ant  behavior  use  many  small, 
autonomous  software  agents.  With  each 
acting  on  the  simplest  of  rules,  just  as  ants 


do,  these  agents  together  can  solve  problems  that, 
viewed  as  a  whole,  are  enormously  complex.  Today, 
software  based  on  ant  behavior  is  used  for  optimiza¬ 
tion  applications  such  as  factory  scheduling,  vehicle 
routing  and  telecommunications  switching. 

Meanwhile,  other  researchers  are  developing 
systems  based  on  “evolutionary  computing”  to  solve 
factory  scheduling  and  optimization  problems.  The 
systems  iterate  through  many  trial  solutions,  breed¬ 
ing  better  and  better  ones  from  the  most  promising 
parents  in  each  generation  of  trials.  Solutions  liter¬ 
ally  evolve  in  a  process  that  selects  the  “fittest”  in 
every  generation. 

These  biology-inspired  algorithms  aren’t  just  the 
stuff  of  Ph.D.  dissertations.  Researchers  have  really 
studied  the  immune  system,  ants,  evolution  and  other 
biological  phenomena  and  have  invented  useful  new 
computational  techniques  based  on  them. 

If  you  are  a  creator  of  software,  or  even  a  user  of  it, 
you  might  do  well  to  look  to  nontraditional  sources, 
biological  and  otherwise,  for  inspiration.  And  you 
might  consider  that  the  falling  cost  of  computer  cycles 
makes  problem-solving  approaches  that  were  only 
theoretically  possible  a  few  years  ago  practical  today. 

Richard  Gabriel,  a  computer  scientist  at  Sun  Micro¬ 
systems,  says  he  does  90%  of  his  research  on  the  In¬ 
ternet  and  that  it  can  already  pass  the  Turing  test. 
“That’s  a  heck  of  a  smart  thing  out  there,”  he  says.  “I 
just  typed  into  Google,  ‘How  do  I  change  a  tire?’  and  I 
got  the  answer  on  the  first  page.” 

Even  Kapor  would  have  to  admit  that  the 
Internet  works  a  lot  like  the  brain.  It  con¬ 
sists  of  millions  of  loosely  connected  nodes 
(neurons)  whose  relationships  (synapses) 
change  constantly.  Nobody  has  trained  the 
Internet  to  answer  questions  like  how  to 
change  a  tire,  and  nobody  maintains  a  huge 
database  of  rules.  Like  the  brain,  the  Inter¬ 
net  continues  to  work  even  when  a  large 
number  of  nodes  or  links  are  broken. 

I’m  guessing  Kurzweil  will  win  the  bet. 

If  he  does,  it  will  be  because  IT  people 
look  to  biology  for  ideas  —  not  for  superfi¬ 
cial  analogies,  but  for  real  guidance.  • 
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IT  to  Fight  Terror 

Los  Alamos  National  Laboratory  focuses  its 
science  on  homeland  defense.  By  Bob  Brewin 


Los  alamos  national  Labora¬ 
tory,  which  developed  the 
atomic  bomb  that  helped  end 
World  War  II,  has  since  Sept.  11 
focused  the  scientific  expertise 
of  its  7,500  employees  on  home¬ 
land  defense  and 
the  war  on  terrorism  while 
continuing  its  mission  of 
nuclear  weapons  research. 

The  Los  Alamos,  N.M.- 
based  laboratory,  which  is 
owned  by  the  Department  of  Energy 
and  operated  by  the  University  of  Cali¬ 
fornia,  is  tapping  into  its  expertise  in 
everything  from  quantum  physics  to 
computer  science.  Research  is  backed 
by  massive  supercomputers,  including 
a  30-trillion-operations-per-second 
cluster  due  to  go  online  by  year’s  end. 

Los  Alamos  isn’t  looking  for  imme¬ 
diate  results.  Rather,  it’s  applying  its 
resources  in  arcane  sciences  to  devel¬ 
op  tools  and  even  products  that  can  be 
applied  years  down  the  road,  though  it 
will  also  commercially  spin  off  promis¬ 
ing  systems  quicker. 

For  example,  according  to  Terry 
Hawkins,  leader  of  the  laboratory’s 
nonproliferation  and  internal  security 
division,  Los  Alamos  is  developing  a 


method  to  detect  biological  agents 
such  as  anthrax  by  combining  a  biolog¬ 
ical  antigen  with  a  computer  chip.  The 
antigen,  Hawkins  says,  “acts  the  same 
as  a  human  cell”  in  detecting  the  pres¬ 
ence  of  an  agent.  The  antigen  is 

housed  in  a  double-layer 
membrane  formed  from 
lipids,  a  class  of  insoluble 
organic  compounds  that  are 
constituents  of  living  cells. 
Electrical  current  in  the 
membrane  passed  to  the  chip  could 
give  a  user  an  instant  readout  of  the 
type  of  biological  agent  it  has  detected. 
Hawkins  says  Los  Alamos  has  already 
developed  a  system  that  can  detect  the 
potentially  deadly  Hanta  virus,  which 
is  prevalent  in  mice  in  the  Southwest, 
and  he  believes  that  in  time  it  may  be 
possible  to  develop  a  portable,  pro¬ 
grammable  device  that  can  detect  a 
number  of  viruses.  Such  a  tool  could 
also  play  a  significant  role  in  helping 
public  health  agencies  battle  diseases 
such  as  the  common  flu,  he  adds. 

Deborah  Leishman  heads  a  knowl¬ 
edge  modeling  team  at  Los  Alamos  that 
helped  develop  a  tool  called  EpiSims 
for  simulating  the  spread  of  epidemics 
—  natural  or  terrorist-induced  —  in  a 


large  urban  area.  She  says  the  tool  will 
help  public  health  agencies  integrate 
data  from  various  sources,  such  as 
emergency  rooms  around  a  metropoli¬ 
tan  area,  into  a  database  that  will  pro¬ 
vide  insights  that  can’t  be  gleaned 
from  single  data  points. 

Los  Alamos  developed  EpiSims  as  a 
spin-off  from  an  even  larger  program 
called  Transportation  Analysis  Simula¬ 
tion  System  (TranSims)  designed  to 
model  the  ebb,  flow  and  social  interac¬ 
tions  of  people  in  a  large  city.  Leish¬ 
man  says  TranSims  can  help  emer¬ 
gency  management  agencies  devise 
evacuation  plans  for  cities  that  don’t 
have  them,  such  as  Washington. 

Los  Alamos  has  already  modeled 
Portland,  Ore.,  which  has  a  population 
of  1.6  million.  Leishman  says  she  could 


AN  EPISIMS  SIMULATION  that  shows 
the  progress  of  a  contaminant  plume 
across  the  city  of  Portland,  Ore. 


use  TranSims  and  the  laboratory’s  su¬ 
percomputers  to  model  New  York, 
which  has  a  population  of  8  million. 

Los  Alamos  has  returned  to  its 
physics  roots  to  find  new  technologies 
for  cyberwarfare.  Scientists  have  fig¬ 
ured  out  how  to  use  quantum  mechan¬ 
ics  to  encrypt  data  inside  a  photon. 

The  process,  called  quantum  encryp¬ 
tion,  ensures  that  users  can  detect 
whether  a  photon  has  been  intercept¬ 
ed,  Hawkins  said. 

Though  the  laboratory  has  transmit¬ 
ted  such  cryptophotons  a  distance  of 
six  miles  in  free  space,  Hawkins  says 
Los  Alamos  has  more  work  to  do  be¬ 
fore  such  a  method  becomes  routine. 

The  Los  Alamos  computer  and  com¬ 
putational  sciences  division  supports 
these  and  other  homeland  defense 
projects  at  the  most  fundamental  lev¬ 
els,  according  to  Stephen  Lee,  deputy 
leader  of  the  division. 

His  division  is  engaged  in  multiyear 
projects  focused  on,  for  example,  bet¬ 
ter  ways  to  extract  and  model  data  for 
simulating  nuclear  explosions  or  ter¬ 
rorists’  threats.  The  trouble  with  data 
measured  in  terabytes  is  that  compre¬ 
hending  it  taxes  the  mind.  So  Los 
Alamos  is  working  on  tools  to  extract 
meaningful  information  from  data  and 
present  it  in  a  usable  form. 

Los  Alamos  Director  John  Browne 
sums  up  the  laboratory’s  long-term 
mission  in  a  message  to  employees  that 
puts  the  emphasis  on  being  able  to  “an¬ 
ticipate  scientific  and  technological 
needs  in  five,  10  or  even  20  years.”  But, 
he  adds,  Los  Alamos  must  also  be 
ready  to  refocus  its  efforts  quickly  in 
order  “to  accommodate  sudden  and 
unanticipated  changes  to  meet  new  na¬ 
tional  security  requirements.”  I 
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IT  Responds 


TranSims  Program 


m 


This  is  a  TranSims  traffic  and  population  mobility  mod 
el,  showing  colored  bars  over  a  street  map.  The  colors 
and  the  height  of  the  bars  reflect  the  relative  density 
of  the  traffic  on  those  roads. 


Brightly  colored  vehicles  traverse  a  virtua  lighway  in 
the  TranSims  traffic  and  population  modeling  program 
Tracking  the  movements  of  each  vehicle  is  possible 
based  on  analysis  of  simulated  populations  and  data 
gathered  from  census  informatk  and  other  regional 
databases. 


Q  Supercomputer 


When  completed  at  the  end  of  this  year,  the  Q  super¬ 
computer  at  Los  Alamos  National  Laboratory  will  be 
one  of  the  most  powerful  machines  on  the  planet,  able 
to  perform  30  trillion  Calculations  in  one  second. 
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Winning  with  e-commerce:  There’s  something  new  at  London’s  antiquarian  book  dealer  Peter 
Harrington.  They’re  selling  25%  of  their  volume  on  the  Web.  Their  platform?  The  easy-to-manage 
IBM  (©server  xSeries™  Select  xSeries  models  feature  the  Intel®  Xeon™  processor  to  give  you  superior 
performance  and  cost-effectiveness.  For  a  complimentary  IDG  report  on  how  growing  companies  are  using 
IT  to  advance  their  business,  go  to  ibm.com/eserver/peterharrington  (g)  (xti/uss 


All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending,  among  other  tn'ngs. 
on  individual  customer  configurations  and  conditions.  IBM.  the  e-business  logo,  e-business  is  the  game.  Play  to  win  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation. 
Intel,  the  Intel  Inside  logo  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks 
or  service  marks  of  others.  ©2002  IBM  Corporation.  All  rights  reserved. 
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Linux’  ready  with  self-managing  features  for  every  e-business. 

mm 

Intel -based  /  xSeries™ 

It’s  an  affordable  and  powerful 
combination  of  mainframe- 
inspired  reliability  and  smart 
systems  management  tools. 

UNIX*  /  pSeries™ 

Highly  available,  highly  affordable 
and  highly  coveted.  The  pSeries  is 
the  platform  of  choice  for  powerful 
UNIX  and  Linux  solutions. 

■ 

Midrange  /  iSeries™ 

Brings  easy-to-deploy,  plug  and 
play  e-business  to  your  business. 
Sophisticated  technology  that’s 
easy  to  manage  and  Linux  ready. 

Mainframe  /  zSeries™ 

Maximum  reliability,  maximum  power, 
maximum  flexibility.  Designed  for  up 
to  99.999%  uptime'  to  handle  the 
demands  of  today’s  e-businesses. 

Winning  with  ERP:  Italian  motorcycle  sensation  Aprilia  has  an  enviable  track  record.  Their  ERP  solution, 
automating  their  order-to-shipment  process,  delivers  nearly  100%  uptime.2  How?  A  high-revving  IBM  UNIX  server  high 
availability  cluster  running  AIX®3  For  an  IDG  report  on  how  growing  companies  are  using  IT  to  advance  their 
business,  go  to  ibm.com/eserver/aprilia 


(C)  lwstness  h  iht  Fhy  7&  h/tK 


'Requires  Parallel  Sysplex*  environment.  'Excludes  scheduled  downtime.  ’The  IBM  solution  included  two  IBM  UNIX  server  models  7026-M80  and  7026-H80  with  IBM  storage  model  2105-F20  and  IBM  HACMP  software 
These  server  models  are  no  longer  available  from  IBM.  All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  is  intended  as  an  illustration  only.  Costs  and  results  obtained  in  other  customer 
environments  will  vary  depending,  among  other  things,  on  individual  customer  configurations  and  conditions.  IBM.  the  e-business  logo,  e-business  is  the  game.  Play  to  win.  AIX,  iSeries,  pSeries,  xSeries,  z Series  and  Parallel 
Sysplex  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Linux  is  a  registered  trademark  of  Unus  Torvalds.  Intel  is  a  registered  trademark 
of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  UNIX  is  a  registered  trademark  of  The  Open  Group.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others. 
©2002  IBM  Corporation.  All  rights  reserved. 
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[hen  A  new,  high-risk 
Apache  worm  was  an¬ 
nounced  in  June,  Motoro¬ 
la  Inc.’s  IT  security  team 
was  able  to  find  and  plug 
its  vulnerabilities  before 
the  worm  hit,  thanks  to 
Foundstone  Inc.,  the  company’s  vul¬ 
nerability  assessment  partner,  says 
Bill  Boni,  chief  information  security 
officer  for  Motorola’s  information 
protection  services. 

Since  Sept.  11,  IT  managers  have 
been  taking  steps  to  get  their  arms 
around  the  difficult  job  of  inventorying 
their  corporatewide  applications  and 

patching  systems  before  an  _ 

attack  on  vulnerabilities 
can  take  out  vital  services. 

But  those  tasks  are  expen¬ 
sive,  time-consuming  and 
ultimately  impossible  to 
achieve  if  done  by  manually  scanning 
systems,  say  analysts. 

Thanks  to  a  number  of  commercial 
and  freeware  tools  on  the  market  to¬ 
day,  IT  managers  can  automate  those 
processes.  But  users  say  some  of  these 
tools  can  add  even  more  complexity  by 
scanning  for  too  many  vulnerabilities, 
leaving  lists  of  things  to  repair  that 
may  not  align  with  corporate  security 
requirements,  for  example.  Other  tools 
spit  out  vulnerabilities  and  services 
that  don’t  even  exist.  And  most  of  the 
tools  don’t  help  with  the  patching  and 
repair  process,  which  many  users  say 
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IT  Responds 


they  want.  Some  companies,  such  as 
Tower  Records,  a  West  Sacramento, 
Calif. -based  music  and  video  retailer, 
are  giving  up  on  installing  and  manag¬ 
ing  their  own  tools  and  turning  to  as¬ 
sessment  application  service  providers 
to  simplify  this  vital  function  for  them. 

Vulnerability  assessment  tools, 
which  cost  $50,000  to  $100,000  per 
year  for  a  Class  C  network,  use  a  vari¬ 
ety  of  technologies.  Some  scan  hosts 
for  insecure  services  and  ports,  patch 
levels  and  other  configuration  prob¬ 
lems.  Network-based  assessment  tools 
examine  traffic  patterns  for  indicators 
of  Simple  Network  Management  Pro- 
_  tocol,  User  Datagram  Pro¬ 
tocols  and  other  traffic- 
related  vulnerabilities. 
Some  tools  provide  auto¬ 
mated  services  over  the 
Web.  Some  focus  on  appli¬ 
cation  assessment.  And  some  do  all  of 
those  things. 


Too  Much  Information 

But  without  a  way  to  manage  and 
prioritize  vulnerability  reports,  users 
are  faced  with  the  same  problem  they 
have  with  their  closely  linked  intrusion- 
detection  counterparts:  too  much  in¬ 
formation  to  sift  through  and  act  on. 

In  response,  some  vendors  are  at¬ 
tempting  to  match  their  assessment 
information  against  information  de¬ 
rived  from  intrusion-detection  agents 
to  weed  out  false  positives  and  pinpoint 


One  Answer:  Managed  Vulnerability  A 
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Some  companies  including  Tower  Records  and  Motorola  are 
turning  to  managed  services  to  handle  vulnerability  assessment 
for  them.  This  diagram  depicts  Qualys’  QualysGuard  service, 
used  by  Tower  Records.  QualysGuard  is  an  automated  Web- 
based  service  with  a  distributed,  scalable  and  secure  infra¬ 
structure.  Load-balanced,  dual-homed,  inference-based  scan¬ 
ning  servers  and  Web  application  servers  communicate  with 
the  QualysGuard  KnowledgeBase  to  detect  and  report  vulnera¬ 
bilities  on  customers'  networks.  All  customer  data  is  encrypted, 
and  the  keys  are  accessible  only  to  customers. 
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true  vulnerabilities.  But  they  haven’t 
been  very  successful,  say  analysts. 

“Some  scanners  are  really  dumb.  All 
they  do  is  emulate  a  hacker  operating 
with  minimal  or  no  knowledge  about  a 
remote  system  and  make  assumptions 
about  what’s  on  the  network,  which 
creates  a  lot  of  false  positives,”  says 
Patrick  Heim,  vice  president  of  enter¬ 
prise  security  at  McKesson  Corp.,  a 
$50  billion  medical  services  and  sup- 


False  positives  and  an  overwhelming  flood  of  information 
leave  companies  yearning  for  less  confusing  ways  to  assess 
their  vulnerabilities.  By  Deborah  Radcliff 


Wanted:  A  Clear 


plies  vendor  in  San  Francisco. 

Internet  Security  Systems  Inc.,  the 
maker  of  one  product  that  has  been 
criticized  by  a  number  of  users  and 
analysts  for  false  positives,  is  taking 
steps  to  remedy  the  situation. 

“ISS’s  scanner  does  have  a  reputa¬ 
tion  for  having  a  very  high  false  posi¬ 
tive  rate,  not  just  on  the  operating  sys¬ 
tem  mismatches,  but  often  reporting 
phantom  services  as  being  running 
even  when  they  aren’t,”  says  John 
Pescatore,  an  analyst  at  Gartner  Inc. 
in  Stamford,  Conn. 

Atlanta-based  ISS  is  trying  to  ad¬ 
dress  the  false  positives  with  its  Inter¬ 
net  Scanner  7.0,  which  is  scheduled  to 
ship  at  the  end  of  the  year.  Version  7.0 
will  include  a  dynamic  check  assign¬ 
ment  to  determine  what  operating  sys¬ 
tems  are  running  on  a  host,  including 
routers,  to  a  higher  degree  of  accuracy, 
says  Patrick  Wheeler,  Internet  Scanner 
product  manager.  And  ISS’s  current 
Version  1.2  of  RealSecure  SiteProtector 
security  management  console  incorpo¬ 
rates  a  security  fusion  module  that 
correlates  vulnerability  data  and  ISS’s 
intrusion-detection  data  to  a  limited 
degree,  so  users  can  target  priority 
repair  areas,  he  adds. 


View  of  Vulnerability 
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Qualys  remote  scanners 


Fusing  intrusion-detection  and 
assessment  data  would  not  only  help 
prioritize  repairs,  but  also  reduce  the 
number  of  reports  coming  from  the 
intrusion-detection  system  sensors 
themselves,  according  to  Pescatore. 
However,  most  vendors  haven’t  inte¬ 
grated  those  two  very  well,  he  says. 

Integrated  Approach 

A  couple  of  exceptions  might  be 
nCircle  Network  Security  Inc.,  a  San 
Francisco-based  risk-assessment  ven¬ 
dor,  and  PentaSafe  Security  Technol¬ 
ogies  Inc.  in  Houston.  Both  companies 
use  multipurpose  agents  for  intrusion 
detection  and  assessment.  They  also 
approach  vulnerability  management 
from  a  policy  standpoint,  which  fur¬ 
ther  narrows  vulnerability  reports  to 
only  those  issues  that  violate  policy. 

Thomas  Murray,  an  IT  analyst  at 
consulting  firm  Headlab  Inc.  in  Tulsa, 
Okla.,  has  tested  PentaSafe’s  products 
against  other  assessment  tools  from 
large  network  management  and  secu¬ 
rity  vendors  and  small  niche  vendors. 
He  says  none  offers  the  combination 
of  assessment,  intrusion  detection  and 
policy  management  that  PentaSafe’s 
VigilEnt  security  manager  assessment 
tool  and  its  policy  manager  do. 

“We’re  still  a  little  buried  under  data, 
but  it’s  better  than  a  l-to-20  ratio  of 
what  our  report  volume  was  without 
these  tools,”  says  Murray.  “The  Penta¬ 
Safe  agents  are  fast.  And  you  can  con¬ 
figure  them  very  tightly  to  reduce 
report  logs  even  more.  But  that  also 
takes  time.” 

John  Shields,  a  user  of  nCircle’s 
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positives,  and  now  we  need  only  one 
person  to  manage  and  respond  to  vul¬ 
nerabilities.” 

Users  also  advise  not  getting  caught 
up  in  the  number  of  vulnerabilities 
that  these  tools  scan  for,  because  the 
more  vulnerabilities  they  look  for,  the 
more  report  logs  they  produce.  And 
users  say  they  can’t  support  too  many 
logs.  Instead,  they  want  to  find  the 
most  critical  vulnerabilities  that  ac¬ 
count  for  the  most  commonly  success¬ 
ful  types  of  attacks  on  their  networks 
and  security  policies.  Then  they  want 
a  way  to  ensure  that  those  repairs  are 
carried  out. 

“If  you  look  at  most  scanner  outputs, 
you  have  hundreds  of  vulnerabilities 
that  can  be  addressed.  The  time  it 
takes  to  manually  make  sure  the  patch¬ 
es  are  made  is  ridiculous,”  Heim  ex¬ 
plains.  “With  up  to  20  system  adminis¬ 
trators  responsible  for  different  areas 
of  a  single  box,  I  want  to  put  some¬ 
thing  in  place  that  can  hold  people 
accountable  for  repairs  being  made.” 

For  this  reason,  Heim  is  leaning 
toward  FoundScan  from  Mission  Viejo, 
Calif. -based  Foundstone  as  he  evalu¬ 
ates  assessment  tools  for  his  network. 
FoundScan  assesses  alerts  as  either 
high,  medium  or  low  priority,  and  it 
can  customize  alert  levels.  The  soft¬ 
ware  issues  trouble  tickets  for  high- 
priority  repairs  and  reminds  a  pre¬ 
designated  responsible  party  when 
a  particular  repair  hasn’t  been  made 


The  Annual  Checkup 

WHILE  AUTOMATED  ASSESSMENT  TOOLS  and  application  services  can  help  keep  net¬ 
works  running  with  minimal  exposure,  they’re  no  substitute  for  an  annual  security  audit  by 
trained  security  staff,  says  Allen  Carey,  information  security  analyst  at  IDC,  a  Framingham, 

Mass.-based  research  firm. 

Automated  tools  fail  to  take  into  account  people,  processes,  best  practices,  physical 
security  and  other  components  of  a  comprehensive  risk  assessment  sweep  across  a  large 
organization,  says  Bill  Ferguson,  a  partner  at  Tatum  CIO  Partners  LLP,  a  Pittsburgh-based 
outsourcer  of  CIO  consulting  services.  “When  we  do  an  audit,  we  look  at  21  factors,"  says 

Ferguson.  To  help  companies  conduct  more  comprehensive  audits  of  their  own,  he  sug¬ 
gests  that  the  following  points  be  audited  in  a  companywide  assessment: 

■  Security  policy  and  accountability 

:  ■  Modems 

for  its  enforcement 

:  ■  System  administration 

■  Risk  assessment  against  critical 

:  ■  Incident  response 

information  assets 

■  Auditing 

■  Account  management  and  access 

’  ■  Viruses 

controls 

:  ■  Contingency  planning 

■  Authentication 

:  ■  Backups 

■  Configuration  and  change 

:  ■  Maintenance 

management 

■  Labeling  (is  sensitive  information 

■  Session  controls 

clearly  defined  and  labeled?) 

■  Network  security,  Internet  access 

:  ■  Media  sanitizing  and  disposal 

policies  and  network  services 

■  Physical  security 

■  Cryptographic  technologies  for 

:  ■  Personnel  security 

transmission  and  storage 

■  Training  and  awareness 

SOURCE:  QUALYS  INC..  REDWOOD  SHORES.  CALIF. 


IP360,  says  the  network  risk  assessment 
package  —  particularly  its  ability  to 
show  exceptions  to  corporate  policy  — 
reduces  administrative  overhead  and 
false  positives  to  manageable  limits. 

“We  don’t  run  Linux.  So  if  someone 
in  one  of  our  35  branches  is  adding  a 
Linux  system,  IP360  will  pick  that  up,” 
says  Shields,  senior  vice  president  of 
e-business  at  Patelco  Credit  Union  in 
San  Francisco.  “We  have  fewer  false 


35 


within  the  specified  deadline. 

Of  course,  it  would  be  nice  if  such 
products  also  automated  the  remedia¬ 
tion  process.  Of  the  major  assessment 
players,  only  Houston-based  BindView 
Corp.’s  bv-Control  correction  engine 
does  any  automated  patching,  says 
Gartner  analyst  Charles  Kolodgy.  The 
next  best  step  is  taking  action  to  re¬ 
duce  the  exposure  while  the  repair  is 
being  made.  In  July,  nCircle  announced 
IP360’s  first  automated  response  capa¬ 
bility  —  automated  blocking  at  Fire¬ 
wall-1  from  Redwood  City,  Calif. -based 
Check  Point  Software  Technologies 
Ltd.,  with  other  firewalls  to  follow. 

In  a  Hurry? 

Most  of  these  products  require  in¬ 
stallation  of  servers  or  agents  or  both, 
which  most  users  say  is  a  two-  to 
three-day  process  for  a  Class  C  net¬ 
work,  provided  the  vendor  has  a 
knowledgeable  services  team  and  few 
obstacles.  But  some  IT  managers  say 
they  don’t  want  to  deal  with  the  up¬ 
front  time  of  installation,  nor  do  they 
want  to  own  and  manage  the  assess¬ 
ment  technology.  So  they’re  turning  to 
assessment  application  service  pro¬ 
viders  such  as  Qualys  Inc.  in  Redwood 
Shores,  Calif.,  which  charges  $60,000 
for  an  unlimited  use  subscription  to 
scan  a  Class  C  network. 

“There  was  no  installation  and 
no  setup.  All  we  had  to  do  was  give 
Qualys  a  list  of  the  IP  addresses  we 
wanted  them  to  check,  and  the  next 
day  we  were  ready  to  go,”  says  Kevin 
Ertell,  vice  president  of  online  opera¬ 
tions  at  Tower  Records,  which  signed 
up  for  QualysGuard  late  last  year. 

There’s  no  faster  way  to  start  vulner¬ 
ability  assessments,  adds  Boni,  who 
jump-started  Schaumburg,  Ill.-based 
Motorola  on  assessment  by  starting 
with  Foundstone’s  Web-based  assess¬ 
ment  service  the  day  after  the  Sept.  11 
terrorist  attacks.  He  later  transitioned 
to  Foundstone’s  assessment  product. 

“The  reason  we  were  able  to  get  into 
business  so  quickly  on  Sept.  12  is  that 
we  used  Foundstone’s  Web  services,” 
Boni  says.  “There’s  no  capital  acquisi¬ 
tion  of  hardware.  You  just  plug  in  the 
IP  addresses  you  want  scanned  and 
you’re  good  to  go.”  I 


Radcliffis  a  freelance  writer  in  Northern 
California.  You  can  contact  her  at 
derad@aol.com. 


ASSESSMENT  CQNHECTIONS 

For  links  to  assessment  tool  vendors  and  assessment 
service  providers,  see  our  Web  site: 

if  QuickLink  32421 

www.computerworld.com 
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As  senior  vice  president  of  engineering 
and  chief  technology  officer  at  Network 
Appliance  Inc.  in  Sunnyvale,  Calif., 

Steven  Kleiman  is  the  visionary  behind 
the  vendor’s  storage  technology  agenda. 
ComputerworlfTs  Robert  L.  Mitchell 
talked  with  him  about  merging  the  worlds 
of  storage-area  networks  (SAN)  and  net¬ 
work-attached  storage  (NAS). 

What  will  the  most  important  storage 
technology  trend  in  the  next  12  months? 

SAN/NAS  convergence  is  clearly 
what’s  happening.  We  have  two  prod¬ 
ucts  that  essentially  export 
block-level  interfaces.  One  is 
SnapDrive,  and  the  other  is  our 
DAFS  [Direct  Access  File  Sys¬ 
tem]  Database  Accelerator. 

We’ll  continue  our  architecture  with  a 
filer  head  with  Fibre  Channel-based 
interconnections. 

Our  system  has  an  underlying  block 
management  layer  that  does  the  RAID 
layout  optimization,  and  there’s  a  file 
semantic  layer  on  top  of  that  that  does 
things  like  create  a  directory  and  what¬ 
not.  And  on  top  of  that  are  the  file  pro¬ 
tocols.  We  added  a  LUN  [logical  unit 
number]  semantic  layer,  and  that  cre¬ 
ates  LUNs  of  various  sizes  and  it  goes 
right  on  top  of  the  underlying  block 
management  layer.  It  uses  the  same 
storage  and  storage  pool.  Our  intent  is 
to  try  to  . . .  let  the  SAN  stuff  share 
space  with  the  NAS  stuff  and  take  ad¬ 
vantage  of  the  array  bandwidth  that’s 
available. 

What  about  dynamically  scalable  vol¬ 
umes?  That’s  not  easy  to  do  with  SANs 
and  Fibre  Channel  arrays.  Will  that 
change  in  a  converged  world?  There  are 
whole  steps  that  you  don’t  do  with  our 
stuff  that  you  have  to  do  with  the  tradi¬ 
tional  large-block  server  approach. 

The  remaining  SAN  management  stor¬ 
age  management  issues  that  SAN  has 
are  inherent  to  SANs. 

This  is  one  of  the  reasons  why  peo¬ 
ple  like  NAS.  Some  applications  like 
the  SAN  protocols  better,  and  we  can 
deal  with  that.  Personally,  I  think  the 


NAS  protocols,  when  used,  lead  to  a 
more  efficient  use  of  storage. 

Are  you  saying  that  host  servers  should 
read  and  write  files  instead  of  doing 
SCSI  block  transfers?  They  already  do. 
The  question  is  how  this  shakes  out 
over  time  as  people  get  higher-  and 
higher-speed  networks  with  low  over¬ 
head  file  access  protocols  like  NAS. 
We  shall  see. 

Management  of  NAS  boxes  has  tradi¬ 
tionally  been  complicated  by  the  fact 
that  every  NAS  appliance  must 
have  its  own  filer  head  and 
management  interface.  How 
will  this  change  in  the  future? 
We  can  bring  down  the  over¬ 
head  of  managing  multiple  filers  to  a 
fairly  small  degree  . . .  but  the  manage¬ 
ment  of  the  storage  [devices]  them¬ 
selves  does  not  go  away  no  matter 
what  you  do. 

Today  if  you  actually  have  to  do 
some  management,  you  do  it  on  a 
head-by-head  basis.  Going  forward, 
that  will  blend.  You  will  see  less  of  a 
head.  Today  that’s  not  the  case. 

How  exactly  will  that  blend?  In  the  data 
center  you  can  solve  some  of  the  mul¬ 
tiple  filer  problems  with  high-speed 
interconnect  technology  and  try  to 
bring  a  more  scalable  filer,  if  you  will. 


The  interconnect  for  our  cluster  in  our 
new  model  is  InfiniBand,  and  that’s  a 
clear  direction  in  terms  of  using  these 
new,  high-speed  commodity  fabrics  to 
build  more  scalable  systems. 

Fibre  Channel  can  transport  data  but 
control  and  management  information 
must  be  routed  over  an  IP  LAN,  essen¬ 
tially  requiring  parallel  networks  to  ex¬ 
ist.  When  will  this  change?  We’ve  been 
pushing  toward  in-band  management 
as  much  as  we  can,  and  the  Fibre 
Channel  community  doesn’t  appear  to 
be  going  there.  My  prediction  is  that  it 
will  stay  separate  for  now. 

With  iSCSI  you  can  route  storage  blocks 
over  IP  instead  of  Fibre  Channel.  But  is 
the  technology  ready?  If  you  look  at  our 
DAFS  product,  it’s  based  on  the  [Emu- 
lex  Corp.  GN/9000SI]  RDMA  [Remote 
Direct  Memory  Access]  over  TCP/IP 
card  that  uses  Gigabit  Ethernet.  We 
can  get  reasonably  good  performance 
with  [it].  I  think  we’ll  be  seeing  some 
reasonable  TCP/IP  off-load  cards  that 
are  quite  competitive  with  [Fibre 
Channel  host  bus  adapter]  technology. 

We’re  members  of  the  RDMA  Con¬ 
sortium,  and  the  goal  is  to  come  up 
with  a  standard  RDMA  over  TCP  pro¬ 
tocol  in  time  to  make  the  first  genera¬ 
tion  of  10  gigabit  TCP  off-load  engines. 
If  this  all  comes  to  fruition,  you  will 


have  one  high-speed  network  that  does 
traditional  NAS  and  other  communica¬ 
tion  protocols  in  an  off-loaded  way 
with  iSCSI  and  DAFS  all  in  one  card. 

Filers  are  expanding  to  tens  of  tera¬ 
bytes,  but  how  do  you  back  them  up? 

A  NetApp  filer  can  support  eight  backup 
streams  to  tape.  Even  with  the  best  tape 
technology,  a  20TB  filer  would  take 
40  hours  to  complete  a  full  backup.  How 
do  you  get  around  that?  You’ve  come  to 
the  same  conclusion  I  came  to  several 
years  ago,  that  this  is  just  hosed.  The 
data  is  exploding  way  faster  than  tape 
is  getting  faster  or  bigger.  We’re  ad¬ 
dressing  that  by  putting  another  level 
in  the  storage  hierarchy  with  NearStor 
[disk-to-disk  backup].  You  should  be 
looking  over  the  next  few  months  and 
further  for  a  convergence  of  our  filer 
technology  and  caching  technology. 

The  goal  is  to  get  out  of  the  backup 
business  on  a  daily  basis  and  make  re¬ 
store  transparent,  meaning  there  isn’t  a 
long  downtime  while  you  go  ahead 
and  restore  something.  I  think  tape  be¬ 
comes  more  of  an  archival  mechanism 
where  you  do  a  full  backup  once  a 
month,  for  legal  purposes  perhaps. 

Reference  data  servers  like  EMC  Corp.’s 
Centera  create  a  unique  ID  for  unchang¬ 
ing  files,  creating  an  abstraction  layer 
between  stored  objects  and  the  applica¬ 
tions  attempting  to  access  them.  Using 
the  Centera  application  programming  in¬ 
terface,  an  application  can  use  this  ob¬ 
ject  name  and  no  longer  must  track  the 
path  to  the  stored  file.  Will  NetApp  take 
a  similar  approach?  I  like  to  think  that 
we’re  already  there.  Part  of  what 
NearStor  is  about  is  giving  you  low- 
cost  ways  of  storing  archival  data. 

Using  a  name  based  on  the  content 
is  pretty  easy  to  do,  but  I  don’t  see  a 
need  for  it.  Most  of  the  archiving 
mechanisms  are  done  through  applica¬ 
tions  like  Documentum  and  Filenet, 
and  truthfully  they’re  the  ones  who 
should  say  what  the  underlying  storage 
requirements  should  be.  If  there  are 
specific  enhancements  that  are  needed 
for  data  integrity,  which  we  don’t  be¬ 
lieve  right  now,  we  can  add  those  pret¬ 
ty  easily.  But  I  don’t  see  it  yet. 

An  object-based  file  system  is  cer¬ 
tainly  something  Microsoft  is  working 
on  embedding  in  a  future  version  of 
Windows.  The  trouble  is  until  that  file 
system  interface  is  standardized  and 
agreed  upon  there’s  no  point  in  proto- 
colizing  it.  It’s  not  embedded  in  every 
device  like  every  host  or  every  applica¬ 
tion  server  so  the  applications  that  do 
this  stuff  today  seem  perfectly  happy 
with  the  semantics  that  they’ve  got.  I 


STEVEN  KLEIMAN 

Senior  vice  president  of  engineerir 
and  chief  technology  officer 

Network  Appliance  Inc, 

Claim  to  fame:  As  chief  technologist  at  St 
Microsystems  Inc.,  he  helped  design  the 
popular  Network  File  System  Unix  file 
sharing  protocol. 
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TECHNOLOGY 

Starting  Over  With 
WLAN  Security 


Eliminating  rogue  access  points  is  easy 
compared  with  negotiating  policy  for  a 
secure  wireless  LAN  infrastructure. 

By  Mathias  Thurman 


During  the  past  few 

weeks,  I’ve  dedicated  a 
significant  amount  of 
time  to  creating  wire¬ 
less  LAN  (WLAN)  policies 
and  standards.  A  WLAN  site 
survey  I  conducted  a  few 
weeks  ago  convinced  me  to  ac¬ 
celerate  my  work  in  this  area.  I 
uncovered  numerous  miscon- 
figured  WLAN  hubs,  or  access 

points  (AP),  that  pro-  - 

vided  access  to  our 
network  from  the 
parking  lot  —  and  in 
some  cases  from  the 
street. 

To  test  for  rogue 
hubs,  I  parked  my  car 
along  the  street  in  an  incon¬ 
spicuous  spot  beside  our  cor¬ 
porate  headquarters,  booted 
my  laptop  and  inserted  my 
WLAN  card.  Within  seconds, 
my  Yahoo  Instant  Messenger 
program  woke  up  —  a  sure 
sign  that  I  was  on  the  network. 
From  there,  I  was  able  to  exe¬ 
cute  port  scans,  access  our  in¬ 
tranet  and  browse  the  employ¬ 
ee  list.  I  was  also  able  to  query 
our  internal  Domain  Name 
System  and  discover  the  IP 
addresses  of  critical  systems, 
such  as  databases  and  payroll 
systems. 

Given  some  time,  even  a 
moderately  skilled  hacker 
could  have  drilled  deeper. 

Cutting  the  Signal 

In  response,  I  immediately 
began  writing  up  a  wireless 
security  policy  to  get  these 
unauthorized  APs  off  the  net¬ 
work.  I  then  started  work  on 
developing  a  wireless  stan¬ 
dard  to  address  the  technolo¬ 
gy  aspects  of  the  policy. 

Our  new  policy  will  allow 
wireless  access  so  long  as  the 
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employee’s  manager  autho¬ 
rizes  it  and  the  user  follows 
approved  standards  and  pro¬ 
cedures.  The  policy  will  also 
determine  acceptable  use  to 
protect  the  company  from  any 
potential  unauthorized  activi¬ 
ty  that  might  compromise  our 
network. 

The  CIO  hasn’t  signed  off 
on  the  policy  but  did  authorize 

-  me  to  send  an  e-mail 

mandating  the  im¬ 
mediate  removal  of 
unauthorized  APs.  A 
few  days  later,  I  fired 
up  Mountain  View, 
Calif.-based  AirMag- 
net  Inc.’s  AirMagnet 
Handheld  PC  card  and  detec¬ 
tion  software  on  my  Pocket  PC 
to  check  for  compliance.  Sure 
enough,  some  APs  were  still 
online.  Using  the  device’s  sig¬ 
nal  strength  meter,  I  pinpoint¬ 
ed  two  of  them  and  got  them 
pulled  off  the  network,  but  I’m 
having  a  hard  time  locating 
one  last  rogue  AP.  I’m  trying 
to  get  a  directional  antenna  to 
assist  with  that  task.  That  last 
rogue  AP  appears  to  be  config¬ 
ured  properly,  with  encryption 
enabled,  but  it  still  needs  to  be 
removed  from  the  network. 

The  standards  document  is 
the  most  time-consuming  as¬ 
pect  of  this  project.  We’ve  al- 


Within  seconds, 
I  was  able  to 
execute  port 
scans,  access 
our  intranet  and 
browse  the 
employee  list. 


ready  decided  to  use  Aironet 
WLAN  APs  from  Cisco  Sys¬ 
tems  Inc.  We  felt  Cisco’s 
Lightweight  Extensible  Au¬ 
thentication  Protocol  (LEAP) 
was  the  most  secure,  if  you 
implement  it  properly.  When 
used  with  the  Cisco  Secure 
Access  Control  Server  (ACS), 
LEAP  also  gives  us  the  ability 
to  use  an  external  authentica¬ 
tion  and  access  control  facility 
to  control  access  to  the  wire¬ 
less  network. 

Wireless  Authentication 

The  ACS  can  also  communi¬ 
cate  with  external  user  data¬ 
bases  and  authentication  ser¬ 
vices.  This  will  let  us  authenti¬ 
cate  users  against  a  Windows 
NT  Primary  Domain  Con¬ 
troller  (PDC)  that  we’ve  al¬ 
ready  provisioned.  This  is  the 
same  PDC  we  use  to  authenti¬ 
cate  users  to  the  network  for 
access  to  e-mail,  drive  shares, 
printers  and  our  company  in¬ 
tranet.  Now  it  will  let  users 
seamlessly  access  the  network 
via  the  WLAN  APs  without 
requiring  an  additional  log-in. 

Next,  I  need  to  write  a  stan¬ 
dards  document  that  specifies 
the  make,  model  and  configu¬ 
ration  for  each  WLAN  compo¬ 
nent.  Determining  the  proper 
configuration  for  a  secure 
WLAN  is  the  most  time-con¬ 
suming,  technical  and  critical 
aspect  of  the  project.  To  ac¬ 
complish  this,  I  consolidated 
configuration  information 
from  the  results  of  a  third- 
party  audit,  publicly  accessi¬ 
ble  documentation  from  the 
Internet  and  vendor  documen¬ 
tation.  Then  I  scheduled  a 
meeting  with  representatives 
from  the  network  group  and 
the  IT  department  to  discuss 
the  available  configuration 
settings  for  the  APs,  ACS  and 
host  software  clients. 

We  agreed  on  a  standard 
configuration  that  will  address 
features,  usability  and  securi¬ 


ty.  This  required  some  com¬ 
promises.  For  example,  the  AP 
can  support  concurrent  con¬ 
nections  for  a  single  user.  I 
wanted  to  limit  users  to  one 
session  each;  others  argued 
that  there  might  be  occasions 
when  the  user  drops  a  connec¬ 
tion  but  the  AP  still  thinks  the 
user  is  connected.  In  that  case, 
the  user  could  establish  anoth¬ 
er  session  without  waiting  for 
the  AP  to  reset.  In  the  end,  we 
agreed  to  keep  the  connection 
setting  at  one  for  now,  but  I 
will  authorize  an  increase  if 
this  scenario  becomes  an  issue. 

Another  setting  relates  to 
the  broadcast  of  the  Service 
Set  Identifier  (SSID),  a  unique, 
configurable  name  that  identi¬ 
fies  the  AP  on  the  network. 
APs  come  configured  with 
SSID  broadcast  turned  on  by 
default.  If  the  AP  doesn’t 
broadcast  the  SSID,  then  the 
user  must  know  the  ID  num¬ 
ber  before  he  can  connect  to 
the  AP.  We  plan  to  disable 
SSID  broadcast. 

We  also  had  to  decide 
whether  we  needed  third- 
party  security  enhancements 
such  as  a  virtual  private  net¬ 
work  or  two-factor  authentica¬ 
tion  to  secure  the  environ¬ 
ment.  We  decided  to  use  Bed¬ 
ford,  Mass.-based  RSA  Securi¬ 
ty  Inc.’s  SecurlD  tokenbased 
authentication,  since  we  al¬ 
ready  have  an  RSA  ACE/Serv- 
er  in  place.  But  we  soon  dis¬ 
covered  that  RSA’s  SecurlD 
doesn’t  support  LEAP  as  the 
authorization  protocol.  RSA 
says  it  plans  to  support  the 
new  Protected  Extensible  Au¬ 
thentication  Protocol  (PEAP) 
standard,  which  will  allow 
SecurlD  token-based  authenti¬ 
cation  by  way  of  the  Cisco  APs. 

This  new  feature,  which  will 
require  updates  to  client  soft¬ 
ware,  should  be  available 
sometime  this  month.  Will  it 
work?  Stay  tuned.  I 

WHAT  DO  YOlHNK? 

This  week’s  journal  is  written  by  a  real 
security  manager,  “Mathias  Thurman," 
whose  name  and  employer  have  been 
disguised  for  obvious  reasons.  Contact  him 
at  mathiasJhurman@yahoo.com,  or  join  the 
discussion  in  our  forum. 
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PEAP  Show 


The  802.1x  standard  provides 
an  authentication  framework 
for  WLANs.  PEAP,  currently 
an  internet  Engineering  Task 
Force  draft  standard,  provides 
a  common  authentication  al¬ 
gorithm  that  should  help  elimi¬ 
nate  some  interoperability 
problems  between  WLAN 
clients,  access  points  and  au¬ 
thentication  servers.  Like  its 
predecessor,  the  Extensible 
Authentication  Protocol- 
Transport  Layer  Security 
(EAP-TLS),  PEAP  forces  both 
client  devices  and  APs  to  au¬ 
thenticate.  But  while  EAP-TLS 
requires  digital  certificates, 
PEAP  uses  an  easier-to-man- 
age  username/password  com¬ 
bination  and  encrypts  the 
communication  to  protect 
against  brute-force  dictionary 
attacks.  Final  approval  is  ex¬ 
pected  this  fall. 


Authentication  Architecture 
802.1x  provides  a  standard  way  to  put  messages 
generated  by  different  authentication  algorithms 
into  the  standard  frame  format  for 802.11  WLANs. 
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Apple  Computer  Inc.  has  re¬ 
leased  a  security  update  for  its 
Mac  OS  X  10.2  Jaguar  operat¬ 
ing  system  software.  The 
5.9MB  update  contains  updat¬ 
ed  Open  Secure  Sockets  Lay¬ 
er,  security  and  Sun  Remote 
Procedure  Cal!  components. 


Cisco  Adds 
Switch  Security 

Companies  can  secure  their 
network  traffic  at  higher  per¬ 
formance  levels  and  avoid  the 
proliferation  of  devices,  using 
new  security  hardware  mod¬ 
ules  for  Cisco’s  Catalyst  6500 
Series  switches. 

The  VPN  Services  Module, 
NAM-2  Network  Analysis 
Module,  Firewall  Services 
Module  and  SSL  Services 
Module  will  ship  this  month. 


I 


Use  a  password  to  protect  your  VPN  and 
your  critical  business  data  could  end  up  almost  anywhere. 


The  information  accessed  through  your  VPN  shouldn't  be  considered  banner  news.  But  too 
often,  it  is.  Because  the  only  thing  keeping  it  secure  is  a  single  password.  That  can  have 
damaging  effects  on  you,  your  customers,  your  partners,  even  your  bottom  line.  With 
the  RSA  SecurlD®  solution,  you'll  protect  your  critical  business  data  with  two-factor 
authentication,  securing  your  VPN  and  making  it  extremely  difficult  to  hack.  And  because 
major  VPN  providers  like  Checkpoint,  Nortel,  Lucent,  Cisco  and  dozens  of  others  design  their  VPNs  to 
work  with  RSA  Security,  you  can  be  sure  it  will  operate  simply  and  flawlessly  in  almost  any  environment. 

That  means  a  lot  less  worrying  about  where  your  confidential  information  might  show  up. 


To  receive  your  VPN  Security  Info  Kit  and  to  qualify  for  a  FREE  25-User  Trial  of  RSA  SecurlD 
two-factor  authentication,  go  to  www.rsasecurity.com/go/vpn-CW.  Or  call  1-800-495-1095. 
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BY  RUSSELL  KAY 

Organizations 
that  attempt  to 
do  business  on¬ 
line  quickly 
learn  that  there 
are  lots  of  IT-related  problems 
that  others  have  already 
solved.  Increasingly,  those  so¬ 
lutions  are  becoming  readily 
available  to  anyone,  in  the 
form  of  Web  services.  Web 
services  are  perhaps  the  latest, 
most  powerful  example  of 
reusable  program  compo¬ 
nents,  the  difference  being 
that  instead  of  incorporating 
component  code  directly  into 
your  application,  you  simply 
access  the  service  over  the 
Web,  pass  your  parameters 
along  to  it  and  let  the  remote 
service  do  the  work  for  you. 

It’s  an  extraordinarily  pow¬ 
erful  model,  but  with  one  ma¬ 
jor  hitch:  How  do  you  find  out 
what  Web  services  are  avail¬ 
able,  where  they  are  and  how 
you  use  them?  Businesses 
need  to  be  easily  able  to  dis¬ 
cover  one  another,  make  then- 
needs  and  capabilities  known 

and  integrate  services  _ 

using  each  business’s 
preferred  technology, 

Web  services  and 
commerce  processes. 

Until  recently,  there 
was  no  simple  way  to 
get  information  about  busi¬ 
nesses  and  what  services  they 
support  and  no  single  point  of 
access  to  obtain  that  informa¬ 
tion.  Now  there  is  Universal 
Description,  Discovery  and 
Integration  (UDDI),  a  stan- 
dards-based  system  for  regis¬ 
tering  Web  services. 

UDDI  is  an  industry  effort 
started  in  mid-2000  by  Ariba 
Inc.,  IBM  and  Microsoft  Corp., 
along  with  33  other  compa¬ 
nies.  Today,  UDDI  has  more 
than  300  community  mem¬ 
bers,  including  American  Ex¬ 
press  Co.,  SAP  AG  and  Ford 
Motor  Co.  The  UDDI  group 
doesn’t  call  itself  a  standards 
body,  even  though  it  offers  a 
framework  for  integrating 
Web  services.  The  UDDI 
specification  utilizes  World 
Wide  Web  Consortium  and 
Internet  Engineering  Task 
Force  standards  such  as  XML, 
Simple  Object  Access  Protocol 
(SOAP),  HTTP  and  Domain 
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UDDI:  Looking 
Up  Web  Services 

DEFINITION 

Universal  Description,  Discovery  and  Integration  (UDDI)  is 

akin  to  an  Internet  phone  book  that  describes  businesses 
and  the  Web  services  each  supports.  It’s  an  XML-based, 
platform-independent,  Internet-accessible  registry  in 
which  businesses,  software  vendors  and  programmers 
can  describe  the  Web  services  they  offer  and  provide 
links  on  how  to  use  them. 
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Name  System  protocols. 

UDDI  entered  its  public 
beta-testing  phase  in  Novem¬ 
ber  2000,  when  the  three 
founding  members  each  set  up 
a  registry  server  compliant 
with  Version  1.0  of  the  spec 
_  that  would  interoper¬ 
ate  with  other  mem¬ 
bers’  servers.  As  of 
mid-2002,  all  publicly 
available  nodes  of  the 
UDDI  Business  Reg¬ 
istry  (UBR)  have  been 
upgraded  to  Version  2.0. 

On  July  30,  technical  devel¬ 
opment  and  management  of 
the  UDDI  project  was  trans¬ 
ferred  to  Santa  Clara,  Calif.- 


UDDI  in  Action 

1.  Company  A  registers  itself  and 
any  Web  services  it  supports.  This 
registration  information  is  kept  in 
a  UBR,  an  XML-based  repository 
of  information  about  available  ser¬ 
vices,  registered  companies  and 
the  services  they  support,  and 
technical  specifications  on  how  to 
access  the  services. 


based  Organization  for  the 
Advancement  of  Structured 
Information  Standards,  a  glob¬ 
al  consortium  developing  and 
promoting  e-business  stan¬ 
dards. 

How  UDDI  Works 

At  its  heart,  UDDI  is  a  data¬ 
base  that’s  searchable  by  type 
of  business  (typically  identi¬ 
fied  using  the  North  American 
Industry  Classification  System 
—  NAICS  —  or  the  Standard 
Industrial  Classification), 
business  name  or  geographi¬ 
cal  location. 

Let’s  say  you  have  an  elec¬ 
tronic  order-entry  system  that 


relies  on  SOAP-based  Web 
services  and  you  want  to  do 
online  business  with  comput¬ 
er  makers.  You’ll  first  need  to 
know  which  computer  makers 
have  compatible  Web  services. 
A  search  of  UDDI  would  re¬ 
turn  a  list  of  those  computer 
companies  that  have  regis¬ 
tered  with  the  system. 

UDDI  registration  is  open 
to  companies  worldwide. 
When  a  business  registers 
with  UDDI,  it  provides  the 
registry  with  “white  pages”  in¬ 
formation  about  itself  (includ¬ 
ing  items  such  as  name  and 
contact  info),  “yellow  pages” 
taxonomies  (including  NAICS 


2.  Company  B 
queries  the  UBR 
to  find  out  which 
businesses  offer 
services  that 
might  fill  its 
needs. 
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REGISTERED  COMPANY 


3.  Company  B  contacts  Company  A  to 
establish  an  e-business  relationship. 
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business  identifiers,  products, 
services  and  geographic  loca-  ! 
tion)  and  “green  pages”  infor¬ 
mation  describing  the  compa¬ 
ny’s  business  processes  and 
how  to  do  business  with  it. 

Each  service  listed  in  the 
UDDI  registry  is  identified  as 
being  a  specific  type  of  ser¬ 
vice  with  a  unique  identifier 
that  comes  from  a  pool  of 
well-known  service  types  al¬ 
ready  registered  with  UDDI. 
Service  types  registration  in¬ 
cludes  a  pointer  to  the  name- 
space  containing  the  service 
type  description,  who  pub¬ 
lished  the  service,  and  a  ser¬ 
vice  type  registration  identifi¬ 
er,  called  a  tModelKey. 

While  the  registering  busi¬ 
ness  provides  most  registry 
information,  the  service  type 
is  normally  entered  by  soft¬ 
ware  developers,  standards 
bodies  or  programmers. 

UDDI  doesn’t  dictate  that 
an  organization  must  use  a 
specific  technology  or 
methodology  to  describe  its 
Web  service  interface.  A  com-  (- 
pany  is  free  to  use  simple 
prose,  more  formal  descrip¬ 
tion  languages,  an  XML 
schema  or  Web  Services 
Description  Language. 

More  than  10,000  business¬ 
es  have  registered  with  the 
three  public  UBR  nodes,  along 
with  4,000  individual  pro¬ 
viders  of  Web  services.  All 
registered  data  is  replicated 
among  all  the  UBR  nodes. 

Currently,  there  are  three 
UBRs,  with  a  fourth  from 
Tokyo-based  NTT  Communi¬ 
cations  Corp.  due  to  come  on¬ 
line  this  fall.  Hewlett-Packard 
Co.  was  operating  a  UDDI  reg¬ 
istry  but  in  July  announced 
that  it  would  discontinue  host¬ 
ing  the  node.  HP  did  say,  how¬ 
ever,  that  it  intends  to  contin¬ 
ue  to  support  UDDI.  I 


Kay  is  a  freelance  writer  in 
Worcester,  Mass.  You  can  reach 
him  at  russkay@charter.net. 


LOOKING  FOR  MORE? 

For  a  list  of  online  resources  about  UDDI. 
please  visit  our  Web  site: 
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"...  addresses  all 
storage  end-user 
needs ...” 


John  Spencer 

CIO 

AMERICAN  SOCIETY 
OF  HEALTH-SYSTEM 
PHARMACISTS 


"...  the  ideal 
resource  for 
storage 
education  and 
training ...” 


Vicki  Hamilton 
VICE  PRESIDENT 
SHARED  SERVICES  AND  IT 
OPERATIONS 

THE  WEATHER 
CHANNEL 


"...  an  ideal 
testing  site  for 
storage  users  to 
evaluate  new 
technology ...” 


James  Riggs 

PROGRAM  MANAGER 

US  ARMY  PERMS 


"...  the  number 
one  storage 
conference ...” 


Jon  Labrie 

CTO 

WETA  DIGITAL 


Get  the  World’s  Best 
Storage  Education! 


STORAGE 


NETWORKING 


WOR 

October  27-30,  2002 

Renaissance  Orlando  Resort 
Orlando,  Florida 


Co-owned  and  Produced  by:  Co-owned  and  Endorsed  by: 


COMPUTERWORLD 


•sSNIA 


Register  today  to  attend  the 
world's  premier  event  on: 


•  Enterprise  Infrastructure 

•  Business  Continuity 


Data  Management  and  Security 
Emerging  Technologies 


Is  data  volume  pushing  your  storage  infrastructure 
envelope?  Are  you  getting  increased  pressure  to  deal 
with  data  management  and  business  continuity? 

Attend  Storage  Networking  World  and  get  the  world's 
best  answers  to  your  storage  questions!  Designed  for 
both  enterprise  IT  managers  and  storage  professionals, 


SNW  is  the  only  conference  where  you  get: 

•  a  Storage  Networking  Industry  Association 
(SNIA)-endorsed  education 

•  a  hands-on  view  of  the  world's  only  SNIA-sanctioned 
Interoperability  and  Solutions  Demo 

•  exposure  to  peers,  experts,  visionaries  and 
technologies  that  no  other  conference  delivers 


See  and  Hear  Geoffrey  Moore 


Opening  Visionary  Presentation 

Monday,  October  28,  2002 


Geoffrey 

Moore 


Chairman 
and  Founder 
The  Chasm 
Group 


Author  of 


Living  on  Crossing  Inside 

the  Fault  the  the 

Line  Chasm  Tornado 


How  to  Creatively  Apply  IT 
in  Today’s  Economy 

In  the  current  economy,  companies  have  two 
key  priorities.  The  first  is  to  attack  costs. 

The  second  is  to  extract  resources  from  non- 
core  processes  in  order  to  focus  more  atten¬ 
tion  on  core  differentiation.  For  IT  managers 
and  professionals,  all  of  this  means  applying 
IT  creatively.  In  this  special  opening  session, 
Geoffrey  Moore  will  help  IT  managers  and 
professionals  understand  where  they  should 
spend  their  time,  what  they  should  spend  it 
on.  and  how  they  can  prepare  for  the  eventu¬ 
al  economic  upswing. 


See  the  World's  Best 

Storage  Interoperability 
and  Solutions  Demo 


In  our  world-class, 
acclaimed  Interoperability 
and  Solutions  Demo, 
you'll  not  only  see  real-life 
configurations,  you'll  tour 
the  Demo  area  and  discuss 
with  experts  the  technical 
configurations  and  how 
they  may  apply  to  your 
business. 


Get  the  CIO’s  Point-of-View 


Opening  Leadership  Presentation 

Tuesday,  October  29,  2002 


Fran 

Oramis 


CIO 

BellSouth 


As  CIO,  Chief  eCommerce  and  Security 
Officer  for  BellSouth,  Fran  has  first-hand 
knowledge  of  the  challenges  that  vast 
amounts  of  data  can  present  to  a  company. 
What  has  BellSouth  done  in  recent  years  to 
better  deal  with  increasing  amounts  of  data? 
Where  does  BellSouth  see  the  future  of  data 
management?  And  how  does  it  deal  with  the 
data  given  increasing  concerns  for  security 
and  business  continuity?  Find  out  in  this 
special  opening  presentation. 


Are  You  a  Storage 

SuperUser? 

Register  today  at  www.snwusa.com 
for  the  following  FREE  benefits: 


■  significant  conference  registration  savings  and  special 
host-hotel  reservation  privileges 

■  member-only  access  to  selected  streaming  video 
presentations  from  SNW  Spring  2002 

■  regular  conference  program  updates  including  keynote 
speaker  announcements,  program  tracks,  special 
conference  activities  and  more 

■  complimentary  subscription  to  SNW0nline.com  webzine 

■  priority  consideration  for  space-limited  tutorials 
and  sessions 

■  exclusive  tours  and  demonstrations  in  the 
Interoperability  and  Solutions  Demo 


For  more  information  and  to  register,  visit 


m 


Hear  Real-World  User  Implementation 
Case  Studies 

At  Storage  Networking  World, 
you’ll  see  IT  managers  and 
professionals  describe  how 
they  implemented  key  storage 
technologies  in  today's  world. 

You'll  learn  from  their  valuable 
lessons  and  have  an  opportunity  to  network  with  them. 

Get  an  Education  Endorsed 
bytheSNIA 

•  A  Primer  delivering 
basic  storage  concepts, 
terminology  and  business 
applications. 

•  Exclusive  SNIA-produced  and 
Delivered  Tutorial  Sessions, 
offering  immediately  implementable  tips,  tools  and 
techniques  that  cover: 

•  Disaster  Recovery,  Backup/Restore  and  High 
Availability 

•  Securing  and  Managing  Your  Storage  Networks 

•  Networking  for  Storage  Managers,  Virtualization, 
and  IP-based  Storage  Technology 

See  the  World’s  Largest  Storage 
Industry  Expo 

You'll  participate  in  live 
demonstrations  and  meet 
exhibiting  companies  specializ¬ 
ing  in  the  latest  data  manage¬ 
ment  and  storage  networking 
•  products  and  services. 


Agenda  Snapshot* _ 

For  details,  updates,  and  to  register  visit  our  Web  site. 

Sunday,  October  27 

9:30am-1 1 :00am  Industry  Primer  Tracks 
Noon-5:00pm  Golf  Outing  (complimentary  for  users)  at  Disney's 
Lake  Buena  Vista  Golf  Course 

1:00pm-5:30pm  SNIA-produced  Technical  and  Business  Tutorials 

•  Voice  of  the  User  and  Virtualization  Track 

•  Disaster  Recovery,  Backup/Restore,  and  High 
Availability  Solutions  Track 

•  Securing  and  Managing  Your  Storage  Networks  Track 

•  Focus  on  Networking  Your  Storage  Track 

•  IP-based  Storage  Track 

7:00pm-9:00pm  Pre-conference  Networking  Reception 

Monday,  October  28 

7:30am-8:15am  Continental  Breakfast 

8:30am-9:1 5am  Opening  Visionary  Presentation  by  Geoffrey  Moore 
9:15am-12:15pm  General  Sessions 
12:15pm-1 :30pm  Networking  Luncheon 
1:30pm-4:00pm  General  Sessions 

4:00pm-5:00pm  Technical,  Technical/Business  and  Business  Tracks 
5:00pm-8:00pm  Expo,  Interoperability  and  Solutions  Demo, 
and  Buffet  Dinner 


Tuesday,  October  29 


7:30am-8:15am 

8:15am-8:55am 

8:55am-Noon 

Noon-1:30pm 

Noon-7:15pm 

1:30pm-3:00pm 

3:00pm-5:00pm 

5:00pm-7:15pm 

7:30pm-9:00pm 


Continental  Breakfast 

Opening  Leadership  Presentation  by  Fran  Dramis 
General  Sessions 
Expo,  Buffet  Luncheon 
Interoperability  and  Solutions  Demo 
General  Sessions 

Technical,  Technical/Business  and  Business  Tracks 
Expo 

Gala  Dinner  and  Entertainment 


Wednesday,  October  30 

7:30am-8:30am  Continental  Breakfast 

8:30am-Noon  Technical,  Technical/Business  and  Business  Tracks 

•subject  to  revision 


Learn  from  User  Case  Studies  and  PersDectives 


RICK 

PETERSON 

VP  of  IT 
Operations  and 
Production 
Services 

DIRECTV 


MARLENE 

RUPP 

Enterprise 

Business 

Continuity 

Manager 

Fidelity 

Investments 


MARK 

PRICE 

Director  of 
Enterprise 
Architecture 

Carlson 

Companies 


JOHN  CHARLES  JASON  SCOTT  RAY 

BLACKMAN  INCHES  HYON  STEGNER  DICKENSHEETS 

Systems  Architect  IT  Director  Deputy  Manager  Storage  Solutions  Senior  Technical 
Emerging  Corner  Banca  SA  Earth  Science  Data  Practice  Manager  Architect 
Technologies  &  Switzerland  Systems  Section  Lockheed  Sprint 

Consulting  NASA-  Martin 

Wells  Fargo  Jet  Propulsion 

Laboratory 


BRIAN 

COBB 

VP  of  Systems 
Engineering 

Fannie  Mae 


Hear  from  Industry  Leaders 


GREG 

MARK 

DAVE 

MARK 

BRIAN 

DAVID 

GARY 

STEVE 

CHARLES 

REYES 

LEWIS 

ROBERSON 

BREGMAN 

TRUSKOWSKI 

HILL 

FRANCIS 

DUPLESSIE 

STEVENS 

CEO 

EVP,  New 

President 

EVP  of  Product 

CTO 

VP  of  Storage 

Corporate  VP  & 

Founder  and 

Corporate  VP 

Brocade 

Ventures 

&COO 

Management 

Storage  Systems 
Group 

Research,  Storage 

General  Manager 

Senior  Analyst 

Enterprise 

Communications 

&  CTO 

Hitachi  Data 

VERITAS 

&  Storage 

Automated  Tape 

Enterprise 

Storage  Division 

EMC 

Systems 

Software 

IBM 

Management 

Aberdeen 

Group 

Solutiens 

StorageTek 

Storage  Group 

Microsoft 

Hfli'w.snwusa.com/fall  or  call  1-800-883-9090 

(1-508-820-8159) 
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"...  the  best 
conference  for 
storage  users ..." 


Mike  Prince 

CIO 

BURLINGTON  COAT 
FACTORY 


"...  the  only 
storage  network 
ing  conference 
that  delivers 


Gary  Mountain 
MANAGER,  TECHNOLOGY 
SERVICES 

IDAHO  POWER 


"...  the  best 
chance  to  see  the 
latest  storage 
technology  all  in 
one  place ..." 


David  Bentley 
TECHNICAL  SYSTEMS 
ENGINEER 


PHILLIPS 

PETROLEUM 


"...  a  true  value  for 
storage  users ..." 


Doug  Roberts 
MANAGER,  SYSTEMS 
SERVICES 

HANNAFORD  BROS. 


IT  Executives  and  Managers  Choose  Storage  Networking  World! 


"...  the  Interoperability 
and  Solutions  Demo  is 
incredible ...” 


Bob  Venable 

ENTERPRISE  SYSTEMS  MANAGER 

BLUE  CROSS  &  BLUE  SHIELD 
OF  TENNESSEE 


"...  a  great  climate  for 
interaction  with  peers ...” 


Robert  Smalley 
SENIOR  PROJECT  SPECIALIST 

BANK  OF  MONTREAL 


Travel  and  Accommodations 


IDG  Travel  is  the  official  travel  company  for  Storage  Networking 
World.  They  are  your  one-stop  shop  for  exclusive  discounted  rates 
on  hotel  accommodations. 

American  Airlines  is  the  preferred  airline  for  Storage  AmeriCdnAirlin@S’ 
Networking  World.  For  information  and  discounts  of 
20%  on  American  Airlines  call  IDG  Travel  Services 
at  1-800-340-2262  or  1-508-820-8159. 

To  reserve  your  accommodations: 

•  visit  www.etcentral.com  OR 

•  call  1-800-340-2262  lor  1-508-820-8159) 

Registration 


WIDG 


"...  great  end-user 
case  studies ..." 


Ray  Dickensheets 
SENIOR  TECHNICAL  ARCHITECT 

SPRINT 


”...  a  key  tool  to  help 
users  understand  storage 
management ...” 

k 

Anthony  Lloyd 
VICE  PRESIDENT 
COMPUTER  OPERATIONS 

WARNER  BROS. 


Pre-Conference  Golf  Outing 

Complimentary  Golf  Outing 
for  Registered  IT  Users 

The  Pre-Conference  Golf  Outing  at  the  Walt 
Disney  World  Resort  Lake  Buena  Vista  Golf 
Course  is  complimentary  ($125  value)  for  reg¬ 
istered  IT  End-Users  [other  participants, 
including  sponsors  and  vendors,  may  play  on  an  "as  available"  basis 
and  are  responsible  for  all  applicable  golf  outing  expenses). 

For  details: 

•  call  Lynn  Mason  at  1-508-820-8652 


— 


Options: 

All  Dollar  Amounts  in  U.S.  Funds 

j  Earlybird 
|  Registration 

j  (through  Sept.  16th) 

j  Full/On-Site 
:  Registration 

j  (after  Sept.  1 6th) 

Conference 

Sessions 

Package  Includes 

Interoperability  and 
Solutions  Demo.  Expo, 
Meals  &  Receptions 

Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA- 
Certification  ''Test-Ready"  Courses 

General  Conference  Package*  (Oct.  28  &  29): 

$1,095 

$1,245 

Yes 

Yes 

No 

Total  4-day  Package*  (Oct.  27,  28,  29,  30): 

•  General  Conference  Package 

•  Technical  and  Business  Tracks 

•  SNIA-produced  Tutorials  [Oct.  27) 

NEW!  *  SNIA-Certification  "Test-Ready"  Courses 

(see  Web  site  for  details) 

$1,490 

$1,690 

Yes 

Yes 

Yes 

Expo,  Interoperability  and  Solutions  Demo, 

Meals  &  Receptions  Only  Package 

$450 

$495 

No 

Yes 

No 

•Includes  Expo,  Interoperability  and  Solutions  Demo,  Meals  and  Receptions 


To  Register  Visit  www.snwusa.com/fall  or  Call  1-800-883-9090  d-508-820-8159) 


STORAGE 

NETWORKING 

W  O  R  l_D 


CO-OWNED  &  PRODUCED  BY  4  ENOORSE^BY 

COMPUTEftWORlD  *LSNIA 


500  Old  Connecticut  Path 
Framingham,  MA  01701 


NEXT-GENERATION 


WEB  SERVICES  M:  THE  APPLICATIONS 


SEPTEMBER 


2002 


The  Westin  Santa  Clara  I  Santa  Clara,  California 


You  Have  Heard  the  Promise.  Now  Hear  the  Reality. 


InfoWorld  editors  invite  you  to  take  a  hard  look  at  how  Web  services'  technology  is  affecting 
enterprise  applications — from  content  management  and  collaboration  to  business  process 
integration.  Hear  both  challenges  and  success  stories  from  the  IT  executives  who  are 
embracing  Web  services  and  from  the  technology  experts  whose  products  are  fueling  this 
new  era  of  enterprise  computing. 


> 


Agenda  topics  include: 

Enterprise  Application  Vendors  Rise  to 
the  Challenge 

Cross  Application  Business  Process 
Integration 

Collaborative  Applications  Born  of  Web 
Services 


>  Mobile  Web  Services 

>  Mastering  Asynchronous  Web  Services 

>  E-business  ala  Web  Services 

>  Understanding  Web  Services  Management 

>  Web  Services  in  the  Financial  Sector 


FEATURED 

SPEAKER 


Forrest  Sawyer 

Chairman  &  Co-Founder 
Sawyer  Media 
Anchor  MSNBC 


KEYNOTE 

SPEAKERS 


Shai  Agassi  Rick  Berquist 

Executive  Board  Member  CTO  and  Fellow 

SAP  Corporation  PeopleSoft 


Sergey  Brin 

Co-Founder  &  President, 

Technology 

Google 


James  Hall 

Managing  Partner 
Technology  Solutions 
Accenture 


Mark  Hoffman 

Chairman  &  CEO 
Commerce  One 


Thomas  Kurian 

Sr.  Vice  President, 

Oracle  9i  Application  Server 
Oracle  Corporation 


Dan'l  Lewin 

Corporate  Vice  President 
Microsoft  .NET  Business 
Development 


Jonathan  Schwartz 

Chief  Strategy  Officer 
Sun  Microsystems 


Partner  Sponsor: 

attachmate  commerce 

one 


Microsoft 

.net 


Contributing  Sponsor: 


epicentre" 


Technology  Pavilion  Sponsor: 

flamenco  networks 

Infravio 

Fuego 

Cape  Clear  Software 
Actional 


Supporting  Sponsors: 

WebServices.Org 
SDForum 
Sawyer  Media 
METAWorks 


A  business  continuity  plan  can’t  guarantee  uninterrupted  access  to  critical  business  data.  Even  with  redundant  tapes, 
hardware,  software  and  networks,  a  single  point  of  failure  may  still  pose  a  risk. 

An  Information  Availability  solution  from  SunGard  is  your  bulletproof  answer  for  keeping  people  and  information  connected. 
More  than  mere  data  protection,  software  and  disaster  recovery,  Information  Availability  is  the  net  beneath  you,  providing 
information  access  24/7. 

With  so  much  riding  on  your  data,  it  makes  sense  to  partner  with  one  of  the  largest  providers  of  platform-independent 
and  integrated  IT  solutions.  For  information  availability  worldwide,  enterprises  depend  on  our  secure,  hardened  facilities  for 
computer  centers  and  work  areas,  our  dedicated  redundant  networks,  and  our  trading  floor  and  market  data  workstations. 

SunGard  Availability  Services  is  an  integral  part  of  SunGard,  a  company  that 
serves  20,000  clients  in  over  50  countries  and  is  one  of  the  S&P  500.  Compare 
your  readiness  to  other  companies.  Take  our  Information  Availability  Challenge  at 

www.availability.sungard.com/iac  Availability  Services 


SUNGARD 


The  Net  Beneath  You 


THIS  WEEK 


MORE  THAN  A  GAME 

Transportation,  energy  and  other 
critical-infrastructure  industries 
are  stepping  up  their  participation 
in  cyberattack  exercises  as  a  means 
of  preparing  for  a  terrorist-related 
disaster.  PAGE  44 


ACTS  OF  GOD 
AND  VENDORS 

The  events  of  Sept.  11  have  drawn 
attention  to  force  majeure  clauses 
in  IT  contracts.  Here  are  some 
things  to  watch  out  for  and  steps 
you  can  take  to  protect  your  com¬ 
pany  from  this  typically  vendor- 
controlled  proviso.  PAGE  46 


ECONOMY  CAPS 
SECURITY  SPENDING 

IT  security  spending  has  remained 
relatively  flat  since  the  9/11  attacks, 
caught  in  the  undertow  of  IT  bud¬ 
get  cutbacks.  But  one  thing  has 
changed:  A  growing  number  of 
firms  are  taking  business  continu¬ 
ity  into  their  own  hands.  PAGE  48 


GETTING  THE  MOST 
OUT  OF  OLD  CODE 

Even  before  all  the  uproar  over 
Y2k,  William  Ulrich  was  an  ardent 
evangelist  about  the  need  for  com¬ 
panies  to  inventory  and  then  inte¬ 
grate  their  legacy  applications  into 
Web-based  systems.  In  his  new 
book,  he  lays  out  a  step-by-step 
plan  for  how  to  do  it.  PAGE  50 


CAREER  ADVISER 

Fran  Quittel  offers  guidance  to  a 
systems  administrator  with  20 
years  of  AS/400  experience  who 
wants  to  update  her  skills,  and  she 
helps  a  young  IT  worker  explore 
career  options  after  four  years  in 
the  video  game  industry.  PAGE  54 


BART  PERKINS 

The  Other  Three  Rs 

AS  BUDGETING  SEASON  APPROACHES,  all  IT  managers  are 

looking  for  ways  to  reduce  costs.  While  your  supplier  portfo¬ 
lio  is  an  excellent  place  to  start,  don’t  beat  every  last  cent  out 
of  your  vendors  until  you  consider  the  three  Rs  of  supplier- 
related  cost  reduction:  repetition,  redundancy  and  rigor. 


Repetition:  Look  for  costs  that  recur  automatically. 
Review  monthly  bills  to  make  sure  you  are  using  the 
product  or  service  for  which  you  are  receiving  a  bill. 
While  the  individual  amounts  may  seem  relatively 
small,  removing  these  errors  will  generate  savings 
each  month  for  years.  For  example,  telecommunica¬ 
tions  bills  (which  are  often  more  than  100  pages  long) 
may  contain  charges  for  unused  lines  or  services. 

Your  asset  management  system  may  reveal  other 
savings  opportunities.  Maintenance  charges  on  re¬ 
tired  hardware  can  continue  long  after  the  box  has 
become  a  boat  anchor.  One  of  my  firm’s  clients  found 
that  it  was  still  paying  several  million  dollars  for  an¬ 
nual  hardware  maintenance  on  point-of-sale  equip¬ 
ment  that  had  been  retired  for  several  years. 

Redundancy:  Eliminate  redundant  contracts  and  sup¬ 
pliers.  It  takes  time  and  money  to  manage  each  one. 
Consolidation  will  reduce  overhead  and  aggravation. 

Highly  decentralized  corporations  need  to  closely 
examine  their  divisional  contracts.  Often,  divisions 
hold  contracts  with  the  same  suppliers.  Replace  divi¬ 
sion-level  agreements  with  a  corporatewide  contract. 

Reduce  the  number  of  buyers  in  your  company,  since 
each  buyer  represents  significant  overhead.  Over¬ 
head  includes  the  time  it  takes  to  coordinate  with 
other  buyers,  as  well  as  the  time  required  to  become 
familiar  with  complex  contracts,  financial 
models  and  the  IT  architecture.  Having 
fewer  buyers  not  only  reduces  overhead, 
but  it  also  minimizes  redundant  buying  de¬ 
cisions.  The  vice  president  of  procurement 
at  a  major  financial  services  company  said 
it  well:  “I  am  astounded  by  the  number  of 
manager-level  employees  who  can  obligate 
a  $17  billion  corporation.” 

Rigor:  Rigor  makes  savings  reliable  and  re¬ 
peatable.  Try  to  do  the  following  regularly: 

■  Consolidate  your  technology  purchases 
to  obtain  lower  unit  costs  and  ensure  con¬ 
sistent  pricing. 

■  Make  sure  your  buying  process  con¬ 
tains  checkpoints  for  both  architectural 
and  financial  reviews. 

■  Before  negotiating  with  suppliers,  do 


your  homework  to  anticipate  their  wants  and  needs. 
One  well-known  desktop  lessor  offered  discounted 
lease  rates  to  a  client  in  anticipation  that  it  would  make 
additional  profits  from  its  new  asset  management 
service.  And  it’s  common  for  vendors,  when  entering 
a  new  vertical  market,  to  offer  low  prices  to  the  first 
few  customers  if  they  agree  to  serve  as  references. 

■  Demand  business  cases  from  the  executive  spon¬ 
sor  for  all  projects  —  and  kill  projects  that  lack  clear 
justification. 

■  Charge  the  beneficiary  for  services  rendered. 
Everyone  is  more  careful  about  using  resources 
when  it  affects  their  budget.  Make  chargeback  poli¬ 
cies  consistent,  understandable  and  fair  to  prevent 
P&L  pingpong  —  sending  a  charge  to  someone  else 
so  it  doesn’t  affect  your  profit  and  loss  statement. 

■  Let  suppliers  help  provide  rigor.  One  client  saved 
18%  of  its  maintenance  costs  by  transferring  its  appli¬ 
cation  maintenance  (and  staff)  to  an  outsourcer.  An¬ 
other  client  saved  40%  by  buying  systems  adminis¬ 
tration  as  a  service.  Both  clients  were  far  more  judi¬ 
cious  about  making  changes  when  they  realized  they 
were  paying  “by  the  drink.” 

■  Use  e-procurement  for  commodity  and  catalog 
purchasing  to  standardize  your  buying  process  and 
ensure  consistency. 

These  savings  will  be  far  easier  to 
achieve  if  you’ve  done  a  supplier  portfolio 
baseline  first  [QuickLink  31023].  The  base¬ 
line  provides  a  road  map  for  locating  these 
and  other  IT  savings.  It  tells  you  where 
you’re  actually  spending  the  most  money 
(probably  different  from  your  “common 
knowledge”  estimate)  and  tells  you  when 
you’re  spending  money  you  weren’t  aware 
of  (and  wish  you  hadn’t  spent). 

A  word  of  caution:  Don’t  view  outsourc¬ 
ing  as  a  panacea.  Never  outsource  one 
piece  at  a  time  without  a  master  plan. 

Use  the  three  Rs  to  leverage  your  end-of- 
year  cost-cutting  measures.  Repetition,  re¬ 
dundancy  and  rigor  are  far  more  preferable 
to  the  dreaded  and  demoralizing  fourth  R: 
RIF,  or  reduction  in  force.  ► 


CIO  at  Tricon  Global 
Restaurants  Inc.  and 
Dole  Food  Co.,  is  man¬ 
aging  partner  at  Lever¬ 
age  Partners  Inc.,  which 
helps  CIOs  manage  their 
IT  suppliers.  Contact 
him  at  BartPerkins@ 
LeveragePartners.com. 
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London,  deg.  21,  9.02  a.m.-.  The 
secretary  to  the  president  of 
Big  Dollar  Credit  in  London 
gets  a  phone  call:  “You  have  not 
lived  up  to  your  obligation.  You 
will  pay.”  She  reports  it  to  you. 
As  the  IT  manager,  do  you  care? 
Two  days  later,  a  mass  of 
electronic  trading  services 
goes  off-line.  Then  they’re 
back  online.  Next,  the 
phones  go  down  at  two  of 
your  trading  partners’  sites. 

Bombing  threats  are  lodged  against  six 
London  banking  outlets.  Now  you  care. 
But  what  do  you  do? 

Welcome  to  a  typical  cyberterrorism 
exercise. 

The  purpose  of  the  game  is  to  rattle 
you,  shake  your  confidence  and  push 
you  into  making  critical  mistakes.  In  so 
doing,  your  opponent  wins  the  cyber¬ 
war,  something  U.S.  government  offi¬ 
cials  and  many  IT  professionals  think  is 
more  likely  to  happen  since  Sept.  11.  In  a 
June  survey,  55%  of  395  IT  professionals 
at  manufacturing,  service,  technology 
and  other  companies  said  they  think  it’s 
very  likely  that  utility  grids,  financial 
institutions,  communications  systems 
and  transportation  infrastructure  will 
be  the  target  of  a  major  cyberattack  in 
the  next  12  months,  according  to  the 
Business  Software  Alliance,  a  Washing¬ 
ton-based  software  vendor  lobbyist 
group,  which  conducted  the  poll. 

Although  no  one  knows  precisely 
what  a  cyberattack  will  consist  of,  the 
common  thinking  among  experts  is 
that  it  will  be  part  of  a  multitiered  as¬ 
sault  on  physical  structures  and  the 
computing  networks  of  one  or  more 
critical  infrastructure  providers,  such 
as  energy,  communications,  trans¬ 
portation,  finance  and  emergency  ser¬ 
vices  companies.  The  cyber  part  would 


SEPTEMBER  11 

IT  Responds 


Corporations  are  adding  cyberattack  exercises  to  their 
disaster-preparedness  tactics.  By  Deborah  Raddiff 


involve  things  such  as  denial-of-ser- 
vice  attacks  and  Trojan  horses,  or  in¬ 
sider  damage  and  types  of  attacks  not 
yet  thought  of,  say  experts. 

The  issue  facing  corporations  and 
their  IT  departments  is  how  to  prepare 
and  work  with  a  cross-section  of  key 
players,  including  compa¬ 
nies  in  other  industries, 
emergency  services,  law  en¬ 
forcement  and  government 
agencies,  so  that  all  can  ef¬ 
fectively  play  their  roles 
in  a  recovery  from  an  attack  on  the  na¬ 
tion’s  critical  networked  infrastructure. 

“We  depend  on  oil  and  gas  lines  be¬ 
ing  operational,  but  you  lose  some  of 
those  dependencies  when  a  cyber  and 
physical  attack  hit  simultaneously.  How 
do  you  recover?  How  do  you  report?” 
says  James  Sample,  manager  of  informa¬ 
tion  security  at  the  California  Indepen¬ 
dent  System  Operator  (ISO)  in  Folsom, 
Calif.,  the  state’s  energy  grid  operator. 

The  best  way  to  prepare  is  through 
practice,  say  Sample  and  other  experts. 

The  number  of  counter-cyberattack 
practice  games  being  carried  out  is  still 
relatively  low.  But  since  Sept.  11,  more 
exercises  have  become  available  than 
ever  before.  For  example,  the  Bethesda, 
Md.-based  SANS  Institute,  a  security 
education  group,  will  hold  an  exercise 
in  Washington  next  month.  And  the 
Seattle-based  Pacific  Northwest  Eco¬ 
nomic  Region,  a  regional  economic  de¬ 
velopment  forum,  has  launched  a 
cyberdefense  training  program  called 
Blue  Cascades,  which  conducted  exer¬ 
cises  in  June  that  were  attended  by  the 
California  ISO  and  120  electric  power 
industry  representatives  from  the  Pa¬ 
cific  Northwest  and  Canada. 

In  July,  the  Naval  War  College  in 
Newport,  R.I.,  held  its  first  cyberattack 
exercises  for  the  private  sector.  The 
training  was  co-sponsored  by  Stam¬ 
ford,  Conn.-based  Gartner  Inc.,  which 
is  also  co-sponsoring  a  number  of  oth¬ 
er  counter-cyberattack  training  exer¬ 
cises  in  the  coming  months. 

Most  games  typically  start  by  assign¬ 
ing  roles  to  participants,  such  as  cor¬ 
porate  vice  president,  public  relations 
manager,  law  enforcement  official, 

CIO  or  IT  manager,  explains  Winn 


MANAGEMENT 


Crafting  a  Response  Plan 


The  best  defense  against  cyberterror¬ 
ism  is  a  good  offense,  says  Kevin 
Nixon,  chief  security  officer  at  Exodus. 
That  means  getting  buy-in  from  man¬ 
agement,  assessing  risk,  and  oversee¬ 
ing  security  and  risk  management 
processes,  authentication,  auditing, 
physical  security  and  user  security 
policies.  But  you  still  need  a  response 
plan.  He  suggests  the  following: 

GATHER  THE  FACTS:  Interview  business 
unit  managers  to  learn  about  key  corporate 
services  and  information  that  must  remain 
available  in  an  emergency.  Remember  mun¬ 
dane  things  like  the  number  of  pencils  need¬ 
ed  should  the  accounting  system  go  down. 


tlM 


SET  UP  A  TEAM:  Typical  teams  include  the 


vice  president,  executive  communications 
manager,  IT  manager  and  legal  counsel. 

ESTABLISH  A  REPORTING  PUN:  Typi¬ 
cally,  the  IT  manager  reports  to  the  internal 
disaster  recovery  team.  But  there  are  also 
outside  organizations  with  which  the  IT  man¬ 
ager  needs  to  cross-coordinate.  These  may 
include  the  IT  manager  at  an  energy  compa¬ 
ny,  and  the  Washington-based  National  Infra¬ 
structure  Protection  Center  (www.nipc.gov). 
Reporting-structure  plans  should  include 
items  like  diagrams  or  lists  showing  whom  a 
call  goes  to  if  the  primary  point  of  contact  is 
unavailable,  and  the  chain  of  command. 

REHEARSE:  Practice  once  a  year  on  a 
grand  scale  and  more  frequently  at  the 
departmental  level. 


Schwartau,  president  of  Interpact  Inc. 
in  Clearwater,  Fla.  Schwartau,  who 
coined  the  phrase  digital  Pearl  Harbor 
in  the  early  1990s,  started  conducting 
cyberwar  exercises  for  the  military  in 
1995.  After  roles  are  assigned,  partici¬ 
pants  are  put  on  stage  and  Schwartau 
turns  up  the  heat. 

“Threats  are  piling  up,  communica¬ 
tions  are  failing,  the  weather  really 
sucks,  and  in  the  end  I  throw  a  fit  and 
call  them  all  incompetent  jerks  and 
storm  from  the  auditorium,”  he  says. 

If  the  exercise  is  done  right,  IT  pro¬ 
fessionals  will  think,  coordinate  and 
perform  better  in  a  real  emergency, 
says  Stephen  Northcutt,  a  cyberattack 
exercise  instructor  for  SANS. 

“If  you’ve  never  been  under  mass 
fire  and  suddenly  you  are,  the  odds  are 
that  your  brain  will  shut  down  and 
you’ll  do  everything  wrong,”  Northcutt 
says.  “So  the  biggest  benefit  these 
games  provide  is  a  dress  rehearsal  so 
you  can  develop  actions  out  of  theory.” 

At  the  very  least,  participants  come 
away  with  a  healthy  dose  of  paranoia, 
says  French  Caldwell,  a  Gartner  ana¬ 
lyst  specializing  in  knowledge  manage¬ 
ment.  For  example,  he  says,  during  the 
Naval  War  College’s  exercise  in  July,  a 
large  swath  of  India  experienced  a  ma¬ 
jor  power  outage  —  a  real  event  that 
wasn’t  part  of  the  game. 

But  because  of  the  exercise,  which 
was  geared  toward  getting  corporate 
executives  to  think  like  potential 
cyberattackers,  some  of  the  84  corpo¬ 
rate  participants,  among  them  chief 
security  officers  and  CIOs  from  the 
financial,  energy  and  telecommuni¬ 
cations  industries,  conjectured  that 
maybe  the  outage  was  a  test  bed  for  a 


cyberattack  against  the  U.S.  Another 
gaming  event  for  response  scenarios  is 
being  planned,  says  Naval  War  College 
professor  Craig  Koerner. 

By  getting  into  the  heads  of  would- 
be  attackers,  participants  learned 
two  things,  Koerner  says.  First,  they 
learned  that  a  terrorist’s  target  isn’t 
always  going  to  be  a  military  one;  in¬ 
stead,  it’s  often  a  high-profile  private- 
sector  organization  that’s  selected  for 
its  impact  on  critical  infrastructure 
services,  such  as  the  financial  organi¬ 
zations  and  airlines  that  were  damaged 
in  the  Sept.  11  attacks. 

Participants  also  learned  that  those 
infrastructure  targets  are  more  intercon¬ 
nected  than  they  previously  thought,  he 
says.  For  example,  most  companies  have 
72  hours’  worth  of  fuel  stored  for  their 
backup  electrical  generators  in  case  the 
power  should  go  out,  says  Sample.  But 
if  the  blackout  were  to  last  longer,  there 
would  be  no  way  to  get  more  fuel  for 
generators  because  it  also  takes  power 
to  run  the  pumps  that  dispense  it. 

The  example  illustrates  the  vital 
need  for  coordination  across  geograph¬ 
ic  boundaries  and  different  industries 
and  governments,  Sample  says.  But  the 
issue  of  trust  among  these  groups  isn’t 
taken  lightly,  say  Caldwell  and  others. 

It’s  still  difficult  to  share  information 
across  industries  and  government 
agencies,  they  say.  And  the  govern¬ 
ment’s  own  intelligence  agencies,  such 
as  the  FBI  and  CIA,  can’t  even  share  in- 


CYBERAmCK  RESOURCES 

Visit  our  Web  site  tor  links  to  more  information  about 
cyberattacks  and  how  to  prepare  for  them: 

QuickLink  32328 
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formation  with  one  another,  as  a  Con¬ 
gressional  report  noted,  adds  Sample. 

“Now  you’ve  got  private  industry 
needing  intelligence  information  that’s 
classified  by  the  government,  [and] 
they  can’t  give  it  to  us,”  Sample  says. 
“And  we  can’t  always  give  them  the  in¬ 
formation  that  they  want  either.” 

That’s  why  the  most  comprehensive 
cyberpreparedness  exercises  bring  to¬ 
gether  people  from  different,  interde¬ 
pendent  sectors  and  government  agen¬ 
cies  and  include  practicing  how  infor¬ 
mation  will  be  shared,  says  Koerner. 

“When  you  game,  you  engage  in 
back-and-forth  discussions  and  de¬ 
bates,  but  ultimately  you  learn  to  coor¬ 
dinate  with  each  other,”  he  explains. 

Participants  like  the  California  ISO 
are  also  using  what  they  have  learned 
during  cyberexercises  to  hone  their 
organizations’  cyberattack  response 
teams  and  policies  and  to  conduct  their 
own  internal  exercises,  Sample  says. 

Cyberattack  response  policy  should 
feed  into  the  overall  business  continuity 
and  disaster  recovery  chain  of  com¬ 
mand,  says  Kevin  Nixon,  senior  director 
of  business  strategy  and  chief  security 
officer  at  Exodus,  a  Cable  &  Wireless 
Internet  Services  Inc.  subsidiary  in  San¬ 
ta  Clara,  Calif.  Nixon  is  also  a  member 
of  the  disaster  recovery  workgroup  for 
the  U.S.  Office  of  Homeland  Security. 

Just  like  other  disaster  recovery 
plans,  a  cyberattack  recovery  policy 
should  identify  the  most  critical  infor¬ 
mation  resources  and  the  technologies 
housing  them,  develop  backup  policies 
for  those  resources,  assign  a  disaster 
response  team  and  then  rehearse, 
which  is  what  gaming  exercises  are  all 
about,  says  Nixon. 

“Poor  moments  of  exercising  bad 
judgment  are  when  things  fall  apart,” 
says  Thornton  May,  corporate  futurist 
at  Guardent  Inc.  in  Waltham,  Mass., 
who  helped  organize  simulations  for 
the  Sector  5  Summit,  a  cyberterrorism 
preparedness  conference  held  in  Wash¬ 
ington  last  month.  Soon,  such  prepared¬ 
ness  will  be  mandatory  in  industries 
that  are  deemed  most  critical  for  the 
continued  operation  of  the  U.S.  econo¬ 
my  and  vital  services,  says  May,  a  Com- 
puterworld  columnist. 

“The  ability  to  execute  will  be  a  big 
part  of  corporate  accountability  in  this 
post-9/11,  environment,”  May  says. 
“Simulating  information  security  sce¬ 
narios  is  a  practical  tool  that  managers 
can  use  for  making  strategic  security 
decisions  in  real-world  scenarios.”  ► 


Radcliffis  a  freelance  writer  in 
Northern  California.  Contact 
her  at  derad@aol.com. 


Five  key  components 
to  an  effective 
cyberterrorism  exercise: 


t 

Shape  the  game. 
Determine  what  issues  you're 
trying  to  deal  with. 


2 

Assign  the  players 
and  their  roles:  internal, 
external  and  attackers. 


p| 

Profile  the  players. 
Sample  profiles  include: 

■  Achievers.  Those 
who  want  to  win. 

■  Explorers.  Those  for  whom 
winning  is  secondary  to  being 
the  most  knowledgeable  on 
how  things  work. 

■  Socializers.  Those  who 
go  along  to  get  along. 

■  Spoilers.  The  naysayers 
who  get  in  the  way  but  who 
also  raisi  Dotential  problems 
that  need  to  be  addressed. 


4| 

Use  profile  data  to  determine 
what  actions  different  types 
of  people  (attackers  and 
responders)  might  take. 


Structure  the  game 
by  building  scenarios  and 
events  that  challenge  the  tech¬ 
nical  process  you're  testing. 

SOURCE  THORNTON  MAY  CORPORATE 
FUTURIST.  SUAROENT  INC  .  WALTHAM 
MASS 
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Acts  of  God 
And  Vendors 

Beware  of  to clauses  in  IT  contracts  -  they 
can  leave  your  firm  in  the  lurch.  By  Kathleen  Melpuka 


SINCE  THE  COLLAPSE  of  the 
World  Trade  Center,  a  new 
word  has  begun  to  appear  in 
IT  contracts.  Vendors  have 
been  adding  the  word  terror¬ 
ism  to  the  list  of  events  that 
can  trigger  force  majeure  claus¬ 
es  in  IT  product  and  service  contracts. 
This  might  not  be  a  problem  for  you; 
the  chances  of  terrorism  interfering 
with  your  software  implementation 
may  be  slight.  But  this  new 
addition  to  force  majeure 
clauses  is  an  opportunity 
for  you  to  more  closely 
consider  these  often- 
overlooked  clauses. 

Force  majeure,  a  French  term  mean¬ 
ing  “major  force,”  refers  to  wording  in 
many  contracts  —  IT  and  non-IT  — 
that  stipulates  that  a  vendor’s  failure 
to  perform  isn’t  a  breach  of  contract 
if  it  results  from  a  cause  beyond  the 
vendor’s  control. 

Force  majeure  has  traditionally  re¬ 
ferred  to  “acts  of  God,”  such  as  earth¬ 
quakes  and  floods,  or  uncontrollable 
events,  such  as  wars  and  riots.  The  1995 
Kobe  earthquake,  for  example,  kept 
certain  LCD  screen  suppliers  in  Japan 
from  fulfilling  contractual  obligations 
with  customers  throughout  the  world. 

Such  occurrences  have  been  so  rare, 
however,  that  user  companies  have 
paid  little  attention  to  force  majeure. 

“It  was  not  uncommon  for  it  to  slide 
through  because  there  were  more  im¬ 
portant  issues,  like  service  levels,  that 
users  were  worried  about,”  says  Diana 
McKenzie,  an  attorney  at  Gordon  & 
Glickson  I.LC,  a  firm  in  Chicago  that 
specializes  in  technology  law. 

Then  came  Sept.  11,  and  suddenly 
terrorism  joined  the  force  majeure  pro¬ 
viso,  causing  some  IT  contract  nego¬ 
tiators  to  take  notice.  They  found  that 


the  definition  of  force  majeure  has  been 
quietly  expanding. 

“I’ve  seen  a  lot  of  creep  in  the  langu¬ 
age  of  that  clause,”  says  Maureen  Dor- 
ney,  an  attorney  at  Gray  Cary  Ware  & 
Freidenrich  LLP  in  Palo  Alto,  Calif, 
who  negotiates  IT  contracts.  “It’s  get¬ 
ting  broader  and  broader,  which  is 
good  if  you’re  a  supplier  and  bad  if 
you’re  a  customer.” 

Force  majeure  is  no  longer  limited 
to  acts  of  God.  Words  and 
phrases  such  as  war,  riot, 
strike,  material  shortages, 
civil  unrest,  labor  unrest, 
fuel  shortages  and  even  fail¬ 
ure  of  subcontractors  to  per¬ 
form  have  been  added  to  some  con¬ 
tracts,  giving  vendors  legal  excuses  for 
nonperformance  that  attorneys  say  are 
over  the  top.  While  few  companies 
have  yet  had  major  disputes  over  force 
majeure,  some  of  these  new  provisions 
could  lead  to  difficulties  in  the  future. 

Users  “should  not  be  bearing  the 
risk  of  the  fact  that  [the  vendors]  pick 
a  bad  subcontractor,”  says  Doug  Ey,  an 
attorney  at  Helms  Mulliss  &  Wicker 
PLLC  in  Charlotte,  N.C.,  a  firm  that  has 
significant  experience  in  technology 
law.  “That  is  not  beyond  your  control.” 

Neither  are  strikes.  Last  year,  Larry 
Thomas,  an  IT  contract  attorney  at 
Thomas  &  Bonnabeau  PA  in  Minneapo¬ 
lis,  negotiated  for  weeks  to  get  the  word 
strikes  removed  from  the  force  majeure 
triggers  on  a  telecommunications  con¬ 
tract  for  a  client,  a  national  health  care 
firm.  Thomas  prevailed,  and  the  con¬ 
tract  was  signed  with  the  strike  provi¬ 
sion  excluded.  Sure  enough,  the  ven¬ 
dor’s  employees  did  strike,  causing 
a  delay  for  other  customers,  but  not 
for  Thomas’  client.  The  vendor  was 
required  to  complete  the  project  on 
time,  so  it  subcontracted  the  work. 


Thomas  also  notes  that  the  increas¬ 
ing  use  of  offshore  subcontractors, 
especially  in  politically  unstable  re¬ 
gions  such  as  India  and  Pakistan,  raises 
the  risk  that  force  majeure  will  be  in¬ 
voked.  And  vague  wording  can  provide 
excuses  even  if  the  vendor  isn’t  direct¬ 
ly  affected  by  the  force  majeure  trigger, 
McKenzie  warns.  “Some  of  these  [ter¬ 
rorist  clauses]  are  so  broadly  written 
that  vendors  can  delay  today  [and] 
continue  the  delay  as  long  as  war  on 
terrorism  continues,”  she  says. 

Know  Your  Needs 

Although  companies  include  their 
legal  departments  in  contract  nego¬ 
tiations,  IT  managers  need  to  be  edu¬ 
cated  about  force  majeure  because 
they  may  be  in  a  better  position  to 
realize  which  clauses  are  likely  to 
cause  trouble  in  IT. 

As  the  buyer,  a  company  can  negoti¬ 
ate  what  is  and  isn’t  included  as  a  force 
majeure  trigger.  In  some  cases,  a  com¬ 
pany  might  want  to  exclude  such  a 
provision  entirely.  For  example,  force 
majeure  clauses  have  no  business  be¬ 
ing  included  in  disaster  recovery  con¬ 
tracts,  McKenzie  says.  Otherwise,  the 
same  disaster  that  triggers  the  recov¬ 
ery  service  can  trigger  the  vendor’s 
excuse  for  nonperformance.  “Force 
majeure  is  a  negotiated  provision," 
McKenzie  says.  “It  doesn’t  have  to  be 
in  the  contract.” 

That  also  goes  for  deals  involving 
critical  computer  systems  like  those 
for  patient  care  or  point  of  sale  that 
simply  can’t  be  delayed  by  vendor 
nonperformance.  If  that’s  the  case  and 
the  vendor  says  it  can’t  live  without 
force  majeure,  find  another  vendor, 
McKenzie  says. 

There  are  more  potential  difficulties 
in  these  clauses.  Some  provisos,  for 
example,  say  the  buyer  can’t  terminate 
the  contract  during  a  force  majeure 
event,  regardless  of  the  event’s  duration, 
yet  still  require  the  buyer  to  continue 
payments  even  though  services  have 
ceased.  Even  if  the  contract  does  allow 
a  buyer  to  terminate,  the  company  may 
be  hamstrung  by  confidentiality  agree¬ 
ments  that  prohibit  third-party  access 
to  vendor  products  already  in  place, 
says  F.  Elgin  Ward,  an  attorney  and  se¬ 
nior  consultant  at  International  Com¬ 
puter  Negotiations  Inc.,  an  IT  procure¬ 
ment  consultancy  in  Winter  Park,  Fla. 

There  are  many  ways  a  company  can 
protect  itself,  but  picking  the  right  ven¬ 
dor  should  be  the  first.  Be  sure  the  ven¬ 
dor  has  done  what  it  can  to  assure  that 
force  majeure  will  never  be  invoked.  For 
example,  does  the  vendor  subcontract 
in  trouble  spots  around  the  word?  Is  it 


Here  are  some  items  to  consider 
adding  to  your  contract: 

■  The  vendor  should  be  relieved  of  liabil¬ 
ity  only  if  it  couldn't  have  known  about 
the  force  majeure  event  beforehand  and 
couldn't  have  taken  reasonable  steps 

to  prevent  it,  and  if  the  event  not  only 
occurs  but  also  actually  prevents  the 
vendor  from  performing. 

■  if  the  vendor  can't  carry  out  all  of  its 
responsibilities  because  of  force  nm~ 
jeure,  it  should  still  do  as  much  as  it  can. 

■  The  vendor  should  take  reasonable 
action  to  minimize  the  force  majeure .  if 

.  the  vendor's  building  burns  down  but  it 
has  another  location  to  which  it  could 
transfer  the  work,  it  should  do  so. 


■  The  buyer  should  be  free  to  obtain 
substitute  performance  without  paying 
a  penalty  during  periods  of  force  ma- 


■  All  payments  or  ether  obligations  of 
the  buyer  to  the  vendor  should  be  sus¬ 
pended  during  the  force  majeure  event 
if  trie  event  continues  beyond  a  buyer- 
specified  time  (30  or  60  days,  for  exam¬ 
ple),  either  party  should  be  free  to  de¬ 
clare  the  contract,  terminated. 


-  Kathleen  Melymuka 


dependent  on  sole-source  suppliers? 
Are  its  finances  and  labor  relations  sta¬ 
ble?  Does  it  have  multiple  sites?  Does  it 
have  a  good  disaster  recovery  plan? 

“If  the  vendor’s  disaster  planning  is 
a  force  majeure  clause,  it  doesn’t  have 
very  good  disaster  planning,”  Ey  says. 
“Know  who  you’re  dealing  with.  It’s 
due  diligence.”  I 


Melymuka  is  a  Computerworld 
contributing  writer.  Contact  her  at 
kmelymuka@earthlink.net. 
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Think  of  it  as  an  engine  for  your  network. 

(A  souped-up,  highly  customized, 
street-racing  engine  for  your  network.) 

Our  new  servers  were  engineered  to  get  the  maximum  performance  from  your 
network.  Look  under  the  hood::  You'll  find  powerful  Intel  Xeon  processors 
with  Hyper-threading  technology  and  huge  hard  drives..  Which  means  faster 
response  times  and  processing  power  for  you.  Take  a  closer  look  and  you’ll 
see  we’ve  upgraded  everything  except  the  price.  The  sleek  new  case  design 
takes  up  little  room,  yet  gives  you  plenty  of  room  to  grow.  And  new  server 
manageability  features  maximize  performance  and  availability.  For  a 
customized  network!  g  solution,  just  combine  the  Gateway  960  Series  server 
and  network  services.  Want  to  see  your  network  perform?  Call  1-888-203-4557. 

Gateway  960  Series  Server 

Tlie:  flexibility,  to  fulfill;  today's,  needs-  with  the  performance  to  -address  tomorrow's  re  flui  rente  fits 
Intel  Xeon  Processor  1.80GHz  with  512KL2  Cache*  256  MB  PC  1 600  DDR  ECO  SDRAM  (expandable  io4GB-) 

1:8  GB  Ultra  160 '( 10K)  SC  A  SCSI  Hard  Drive  «  Single  4  50 -Watt  P$2  Power  Supply  •  Six.  PCI  Expansion-  Slots 
awd:  Eight  Drive  Bays  •  HP-  .Q;p-e:nVi.ew  MaitagtX  Event  Managef  Integrated. PCI  Graphics  with  4.-M8 
SDRAM  •  Integrated  Intel'  i  0/ 100/1 00Q.  Ethernet'*  I^Yeaf  Parts.  Labor  and  On -Site.  Limits#  Warranty' 

$1499 

Gateway  etworking  Solutions 

Gateway  gives  you  a  single  point  of  contact  to  manage  every  stage  of  your  network  life  cycle.  As  a  networking  expert,  Gateway  provides  comprehensive  integration  and  installation  services — from  network 
planning  and  consultation,  to  customized  technology  s  itiotls  that  optimize  your  network  infrastructure. 

Network  Planning:  and  Design- Gateways  local  network  service  provider  will  set  up.  a  network. consultation  to  discuss  your  business  objectives  and  technology  needs,  including  an  evaluation  of  your  work  site 
and  current  computer  hardware  and  software.  Based  on  the.  consultation,  Gateway  will  develop  a  custom  network  design  including  recommended  hardware,  software,  Installation,  services  and  associated  time, 
and  casts  for  implementation.. 

Custom,  Integration  and  Installation -Put  your  new  Gateway  systems  to  work  right  out  of  the  box..  Gateway  can  deliver  servers  preconfigured  to  your  exact  specifications  and  install  third-party  hardware  and 
software  right  in  our  factory,  so  your  server  arrives  equipped  with  your  own  programs  and  applications  Gateway  can  also  help  set  up  server  hardware  as  well  as  install  the  entire  network.  Installation  services 
include  cabling  and  wiring,  connecting  interface  cards  and  hubs,  data  transfer  to  new  PCs.  configuring  network  settings  and  software  installation,  and  setting  up  shared  drives,  printers  and  other  network  devices. 
On-Site  Service  and  Support- Gateway's,  fast-response  system,  brings  skilled  technical  professionals  to  you  with  minimal  delay.  Gateway’s  local  network  service  provider  can  be  on  site  in  as  little  as  four  hours, 
while  Gateway's  Network  Support  Center,  staffed  by  certified  Microsoft and  Novell  engineers,  provides  24/7  technical  phone  support. 
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XEON 


1-888-203-4557 


Gateway  recommends  Microsoft  Windows  XP  Professional  for  Business. 


Gateway 

gateway.com  ,  AOt  Keyword:  Gateway , 


Prices  and  configurations  subject  to  change  without  notice  or  obligation.  Prices  exclude  shipping  and  handling  and  taxes.  Not  responsible  for  typographical  errors.  Limited  warranties  and  service  agreements  appty;  visit  gatewaycom  or  call  1-800-846-2000 

for  a  free  copy  Technician  will  be  dispatched,  if  deemed  necessary  by  Gateway,  following  other  troubleshooting  methods.  On-Site  service  not  available  in  all  locations:  you  may  be  required  to  take  or  send  your  product  to  ao  authorized  service  location  On-site 
service  excludes  mice,  keyboards,  docking  stations  ,  external  peripherals  and  monitors,  ©2002  Gateway.  Inc.  All  rights  reserved.  Gateway  Terms  and  Conditions  of  Sale  apply  Gateway  com  and  Gateway  Country  Stores,  LLC.  are  separate  legal  entities.  Gateway, 
the  Gateway  S'tyli-zed  Logo- and  Black-and-white-  Spot  Design  are  trademarks  or  registered  trademarks  of  Gateway.  Inc.  in  the  U  S  and  other  countries.  The  Intel  Inside  Logo  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its 
subsidiaries  m  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation.  All  other  brands  and  product  names  are  trademarks  or  registered  trademarks  of  their  respective  companies.  Ad  Code:  009230 
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Economy 
Caps  Security 
Spending 

Even  with  flat  budgets,  companies  are  taking  business 
continuity  into  their  own  hands.  By  Thomas  Hoffman 


AS  TRAGIC  AS  THEY  WERE,  the 
Sept.  11  attacks  were  only  a 
temporary  wake-up  call  to 
slumbering  CEOs  who  still 
don’t  seem  to  be  convinced  of 
the  need  to  open  up  the  cor¬ 
porate  coffers  and  invest  more 
in  IT  security. 

Though  the  federal  government  has 
doubled  IT  security  spend¬ 
ing  within  most  agencies 
this  fiscal  year,  the  worsen¬ 
ing  economy  and  resulting 
IT  budget  cutbacks  have 
conspired  to  keep  increases 
for  corporate  IT  security  spending  to  a 
minimum.  Average  security  spending 
has  risen  by  just  $200,000  per  organi¬ 
zation  this  year  to  an  average  of  $3.9 
million,  according  to  the  ninth  annual 
Network  World  500  survey  released  in 
May.  Five  hundred  networking  IT  ex¬ 
ecutives  at  companies  with  1,000  or 
more  employees  took  part  in  the  study. 

“Until  there  is  an  Exxon  Valdez,  until 
there  is  an  obvious  security  breach 
that  badly  damages  a  company’s  repu¬ 
tation,  there  probably  won’t  be  a  big 
push”  to  increase  IT  security  spending, 
says  Cathy  Hotka,  vice  president  of  IT 
at  the  National  Retail  Federation  in 
Washington. 

But  a  combination  of  events  since 
the  attacks,  among  them  a  perceived 
over-reliance  on  third-party  service 
providers  such  as  Comdisco  Inc.,  has 
led  many  organizations  to  re-evaluate 
their  business  continuity  strategies. 
Like  many  other  CIOs,  Roy  Swack- 


hamer  at  CNF  Inc.  says  that  his  Palo 
Alto,  Calif.-based  company  had  stan¬ 
dard  practices  in  place  prior  to  Sept.  11. 
Surveillance  cameras,  identification 
badges  and  security  personnel  pa¬ 
trolling  multiple  facilities  were  used, 
along  with  IT-specific  security  systems 
for  the  company’s  Windows  NT  and 
Internet  systems.  So  while  IT  spending 
has  remained  flat,  Swack- 
hamer  says  the  $4.9  billion 
provider  of  global  supply 
chain  services  has  put  aside 
a  portion  of  its  IT  budget  to 
build  an  emergency  opera¬ 
tions  center  about  25  miles  away  from 
its  main  campus  in  Portland,  Ore.,  in 
case  of  an  isolated  disaster,  such  as  a 
power  outage  or  fire. 

The  reason?  After  Sept.  11,  business 
continuity  providers  such  as  Rose- 
mont,  Ill-based  Comdisco  and  Wayne, 
Pa.-based  SunGard  Data  Systems  Inc. 
were  inundated  with  more  disaster  de¬ 
clarations  than  they  could  handle,  says 
Swackhamer.  “That’s  what  the  senior 
executives  really  stood  up  and  took 
notice  of,”  he  adds. 

A  spokeswoman  for  SunGard  dis¬ 
missed  claims  that  the  service  provider 
was  “overwhelmed”  with  disaster  dec¬ 
larations  after  the  Sept.  11  attacks.  “Nei¬ 
ther  SunGard  nor  Comdisco  [Availabil¬ 
ity  Solutions  unit,  which  SunGard  ac¬ 
quired  in  November  2001]  had  those 
problems,”  the  spokeswoman  said. 

SunGard  estimates  that  it  used  just 
10%  to  15%  of  its  legacy  systems  capac¬ 
ity  following  Sept.  11.  But  SunGard  of¬ 


ficials  acknowledged  that  end-user 
seats  for  its  Jersey  City,  N.J.,  facility 
were  “fully  utilized,”  with  overflow 
directed  to  its  Philadelphia  site,  where 
more  than  100  end-user  seats  were 
left  unused. 

CNF  is  also  in  discussions  with  an¬ 
other  Portland-area  Fortune  500  busi¬ 
ness  about  creating  a  reciprocal  agree¬ 
ment,  whereby  if  one  of  the  firms  suf¬ 
fers  a  fire  or  a  facility-specific  disaster, 
it  can  move  people  and  operations  to 
the  other  company’s  facilities,  says 
Swackhamer.  The  two  firms  are  also 
discussing  the  possibility  of  building  a 
joint  facility  to  handle  the  relocation  of 
people  and  systems  in  the  event  of  a 
regional  disaster,  he  says. 

Hole  in  the  Middle 

Other  IT  executives  are  making  sim¬ 
ilar  evaluations.  For  instance,  Eastman 
Chemical  Corp.  built  a  secondary  tech¬ 
nology  center  25  miles  from  its  Kings¬ 
port,  Tenn.,  data  center  that  went  live 
in  March,  says  CIO  Jerry  Hale.  The  de¬ 
cision  to  build  the  backup  center  was 
made  prior  to  Sept.  11.  Eastman  Chemi¬ 
cal  had  determined  that  its  IT  systems 
had  grown  too  complex  to  receive  and 
process  electronic  customer  orders  in 
under  three  or  four  days  with  the 
mainframe  and  distributed  computing 
disaster  recovery  providers  it  had  been 
working  with,  says  Hale. 

“Post-9/11,  one  of  the  things  we  rec¬ 
ognized  is  that  we  needed  to  have 
more  of  a  pragmatic  view  toward  dis¬ 
aster  recovery,”  says  Frank  Hood,  vice 
president  of  information  services  at 
Krispy  Kreme  Doughnut  Corp.  in 
Winston-Salem,  N.C. 

At  the  time  of  the  attacks,  the  $621.7 
million  company  was  scheduled  to  test 
its  business  continuity  preparedness  at 
a  SunGard  site  in  New  Jersey.  But  be¬ 


cause  the  vendor  had  to  field  so  many 
disaster  declarations  from  New  York- 
area  companies  after  the  attacks, 
Krispy  Kreme  had  to  conduct  testing 
at  a  SunGard  facility  in  Chicago. 

Hood  says  he  understood  the  situa¬ 
tion,  but  the  switch  made  him  recon¬ 
sider  his  options.  “For  a  company  like 
Krispy  Kreme,  time  is  money,  and 
even  if  you  can  minimize  your  down¬ 
time  by  a  few  hours  and  control  your 
own  destiny,  that’s  the  better  route  to 
take,”  he  explains. 

Since  then,  Krispy  Kreme  has  co¬ 
located  Wintel-based  Hewlett-Packard 
Co.  e-mail  file  servers  at  a  new  manu¬ 
facturing  facility  in  Effingham,  Ill.,  to 
ensure  redundancy  of  e-mail,  in  case  a 
link  is  broken  at  its  headquarters  in 
Winston-Salem.  While  Krispy  Kreme 
intends  to  honor  its  contract  with  Sun¬ 
Gard  for  its  remaining  12  to  15  months, 
the  company  plans  to  shift  its  backup 
processing  to  Effingham  once  the  con¬ 
tract  ends,  says  Hood. 

Although  funding  for  vulnerability 
assessments  on  Krispy  Kreme’s  Inter¬ 
net  and  intranet  systems  was  proposed 
before  Sept.  11,  the  attacks  helped  se¬ 
cure  the  investment  with  board  mem¬ 
bers  in  November,  thus  increasing 
Krispy  Kreme’s  annual  IT  security 
spending  from  about  $15,000  to 
$20,000  to  about  $50,000. 

But  a  year  after  9/11,  will  IT  security 
spending  get  enough  of  an  extra  punch? 
CEOs  “can  relate  to  physical  security, 
they  can  relate  to  a  break-in,  but  they’re 
not  aware  of  what  data  security  means 
to  their  companies,”  Hotka  says,  i 


SECURITY  PATCH  WORK 

Many  CIOs  are  finding  that  the  large  number  of  patches 
issued  by  software  vendors  are  taxing  their  resources: 
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Justifying  IT  Security  Spending 

How  important  is  financial  justification  for  securing  internal  funding 
for  the  following  types  of  projects? 

IT  security 
CRM 

Supply  chain  management 
Communications  services 
Electronic  procurement 
Payment  processing 
Mobile  commerce 
E-learning 
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Breathing  New  Value 
Into  Old  Computer  Code 


“Worldwide,  there  are  well  over 
200  billion  lines  of  software 
that  are  fragmented,  redun¬ 
dantly  defined,  hard  to  deci¬ 
pher,  and  highly  inflexible. 
These  systems,  which  have  been 
functioning  for  decades, 
have  survived  revolu¬ 
tions  in  software,  hard¬ 
ware  and  the  Internet. 

Now,  with  IT  on  the 
cusp  of  a  new  era  in  which 
handcrafted  coding  techniques 
are  being  supplanted  by  compo¬ 
nent-based  development  and 
Web  services,  organizations 
run  the  risk  of  being  mired 
down  by  a  mountain  of  legacy 
code.” 


So  begins  William  Ulrich’s 

latest  book,  Legacy  Systems: 
Transformation  Strategies 
(Prentice  Hall  PTR,  2002).  The 
book,  Ulrich’s  third  on  the  sub¬ 
ject,  provides  a  step-by-step 

guide  for  incorporating 
critical  data  and  func¬ 
tionality  locked  in 
legacy  applications 
into  newer,  Web-based 
systems.  It  also  lays  out  de¬ 
tailed  deployment  options  for 
implementation  teams.  Even 
before  all  the  uproar  over  Y2k, 
Ulrich,  president  of  Tactical 
Strategy  Group  Inc.  in  Soquel, 
Calif,  and  a  former  Computer- 
world  columnist,  was  an  ardent 


evangelist  about  the  need  for 
companies  to  first  inventory 
and  then  integrate  their  legacy 
applications.  He  talked  about 
the  issue  recently  with  Com- 
puterworld’s  Julia  King. 

If  legacy  systems  are  so  impor¬ 
tant,  what’s  holding  companies 
back  from  consolidating  and 
transforming  them  for  use  via 
the  Web?  The  first  challenge  is 
understanding  what  these  sys¬ 
tems  do  and  how  they  relate 
back  to  the  business.  A  lot  of 
these  systems  support  a  cross¬ 
functional  activity  across  the 
enterprise. 

When  you  need  to  invoke  a 


WILLIAM  ULRICH 


t  '  Tactical  Strategy 

Ulrich  is 

-  of  the  Flashline  Software 
Development  Productivity  Council,  which  focuses 
on  software  reuse  issues. 


change  or  retool  a  function 
that  flows  across  organization¬ 
al  boundaries,  you  don’t  know 
what’s  impacted.  What  results 
is  an  extended  delay. 

Didn’t  companies  gather  most  of 
this  information  during  their  Y2k 
projects?  The  irony  of  it  all  is 


that  many  organizations  spent 
anywhere  from  $10  million  to 
$50  million  to  $100  million  on 
Y2k  projects.  They  spent  all 
this  money  stabilizing  their 
legacy  systems  without  deriv¬ 
ing  any  value  other  than  keep¬ 
ing  them  running.  Some  of  the 
Continued  on  page  52 


Foundation  for  Data  Security 

■  Ensure  the  integrity  of  your  data 

Sf  Instant  assessment  of  system  state,  reporting 
“integrity  drifts" 

Maximize  System  Uptime 

■  Eliminate  risk  and  uncertainty 

■  Enable  quick  restoration  to  a  desired  state 
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Increase  Control  and  Stability 

HI  Ongoing  monitoring  and  reporting 

Lower  Costs 

■  Find  and  fix  problems  quickly  and  precisely  - 
no  more  guess  work 

Your  firewalls  and  intrusion  detection  tools  alone  are 
not  enough  to  keep  systems  trustworthy.  Tripwire's  data 
integrity  assurance  products  are  the  only  way  to  know 
with  100%  confidence  that  your  data  remains  uncompro¬ 
mised.  For  nearly  10  years  Tripwire  has  been  helping  IT 
professionals  know  exactly  what's  changed  on  their 
systems,  and  helping  them  to  recover  quickly. 


For  a  FREE  30-day 
fully-functional  eval, 

call  toll-free:  1.800.TRIPWIRE 
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today! 
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. 

■tJZjP  ri* 
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tutorials,  general  sessions,  the  Interoperability 
and  Solutions  Demo  ...  plus  enjoy  a  complete 
conference  package  including  the  Expo,  meals, 
receptions,  gala  dinner,  and  golf  for  IT  users 


Fran  Dramis 

CIO 

BellSouth 


Witness  the  V  jrld’s  Foremost...  where  you  can  "play  in  the  SANdbox” 
Interonerabi  tv  and  see  50+  companies  prove  that  their 
and  Solutions  Demo  solutions  work  together 


"Dealing  with 
Vast  Amounts  of  Data” 


Pre-Conference..  .  complimentary  golf  outing 
Golf  Outing  for  registered  IT  Users 


Sponsored  by 

& 
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moreinformationvisit  www.snwusa.com/agenda  or  call  1-800-883-9090  (1-508-820-8159) 

T  spi  n  or  and  pe  rtici  ite,  call  Ann  Harris  at  1-508-820-8667 
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Continued  from  page  50 
other  benefits  they  could  have 
derived,  they  didn’t.  They  had 
an  inventory  of  all  systems,  all 
applications  and  interfaces  to 
all  systems  in  one  repository. 
But  then,  instead  of  taking  that 
and  building  upon  it,  they  took 


those  inventories  and  shoved 
them  on  a  shelf  or  deleted 
them  and  took  the  people  who 
worked  on  them  and  sent 
them  out  to  pasture,  and  we 
lost  all  the  intelligence  that 
was  derived  from  that  Y2k 
window. 


What  should  companies  be 
doing?  There  should  be  a  strat¬ 
egy  behind  how  organizations 
as  a  whole  are  going  to  ad¬ 
dress  their  legacy  issues,  so 
each  time  an  issue  comes  up  it 
doesn’t  become  a  fire  drill  in 
one  more  quick-fix  approach. 


Understand  your  systems  at  a 
macro  level.  Know  what  sys¬ 
tems  support  which  users  and 
which  customers. 

How  much,  if  at  all,  is  a  lack  of 
mainframe  skills  a  factor  in  this 
whole  issue?  I  believe  it’s  more 
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a  lack  of  understanding  of 
what  needs  to  be  done  and 
how  to  approach  it.  I  get 
e-mails  all  the  time  from  peo¬ 
ple  with  mainframe  skills  who 
are  available  to  do  work.  I 
don’t  think  we’re  lacking  the 
technical  skills.  I  think  right 
now  we’re  lacking  the  execu¬ 
tive  leadership  to  undertake 
these  initiatives. 

But  money  talks.  Is  there  not  a 
compelling  business  reason  for 
companies  to  launch  these  lega¬ 
cy  integration  or  transformation 
projects,  as  you  call  them?  If 
there’s  a  situation  where  mul¬ 
tiple  business  units  are  doing 
the  same  things  and  they’re 
supported  by  multiple  redun¬ 
dant  systems,  there’s  a  huge 
savings  to  be  had.  Once  you 
understand  this  issue,  you  can 
start  to  see  the  [problems  it 
causes]  in  your  day  day-to-day 
life.  For  example,  I  had  a  long¬ 
distance  telephone  service 
provider  call  me  six  times  try¬ 
ing  to  flush  out  a  problem  in 
my  account.  Six  people  from 
the  company  told  me  this 
problem  was  in  their  database, 
and  each  time  I’d  give  them  a 
confirmation  code,  none  of 
them  could  check  that  confir¬ 
mation  code  against  their  sys¬ 
tem.  All  were  working  in  the 
same  company,  but  they  were 
working  with  six  different 
databases  with  wrong  infor¬ 
mation  about  my  account. 

This  same  organization  talks 
about  cutting  costs  and  getting 
rid  of  its  IT  people.  The  way 
to  cut  costs  is  to  consolidate 
databases  and  get  rid  of  five  of 
the  six  people  who  called  me. 

What  can  IT  managers  be  doing 
to  address  this  legacy  issue,  if, 
as  you  say,  the  decision-making 
power  is  in  the  hands  of  CEOs 
and  chief  financial  officers?  The 
IT  managers  are  pretty  smart 
about  this  topic,  but  they 
aren’t  going  to  put  their  job  on 
the  line  to  bring  this  issue  to  a 
head.  The  IT  manager  does 
continue  to  wave  a  flag, 
though.  Try  to  be  articulate 
about  what  needs  to  be  ac¬ 
complished.  Walk  into  senior 
management  with  variations 
on  approaches  that  impact  the 
underlying  architecture.  Take 
a  look  at  benefits  that  can  be 
derived  along  with  the  costs.  I 


Complete  SAN  LAN  performance  tools. 

Finisar  has  been  offering  its  customers  the  tools  necessary  to  increase  efficient 
network  operation  for  over  14  years.  Finisar’s  family  of  network  analysis  and 
performance  testing  products  ensure  optimum  performance  through  constant 
monitoring,  measuring  and  analysis;  locating  and  repairing  problems  before 
they  cause  an  impact. 

Listening  to  customer  needs,  we  develop  products  that  are  flexible  and  scalable 
to  grow  and  evolve  with  today's  SAN  and  LAN  environments.  No  other  company 
offers  products  as  easy-to-use  and  easy-to-implement. 

Take  a  test  drive. 

Remove  the  gridlock  from  your  network.  Test  drive  Finisar  Performance  Tools  at 
www.finisar.com/testdrive 

NetWorld+Interop/Comdex,  Atlanta  *  Storage  Decisions  2002,  Chicago  *  Gartner  IT,  Orlando 
CTIA  Wireless,  Las  Vegas  San  Diego,  San  Francisco,  Seattle,  Chicago,  Dallas,  Atlanta,  Boston  &  New  York 


Seminar 
www.finisar.com/events 
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Only  39%  of  hacker  attacks  are  targeted  at 
a  specific  company.  Maybe  you’ll  get  lucky. 


Then  again,  can  you  really  afford  to  gamble  with  your  corporate  data  and  brand? 

Which  prompts  the  question:  if  you  don’t  protect  your  enterprise  from  Trojan  horses  and  spyware  programs  now,  then  when  will  you? 

Fortunately,  Zone  Labs  offers  a  simple,  proven,  and  affordable  way  to  stack  the  odds  in  your  favor.  Our  security  solutions  maintain 
your  good  reputation  and  safeguard  critical  data  by  protecting  your  enterprise  network  from  hacker  attacks  that  evade  perimeter 
firewalls,  antivirus,  and  IDS.  In  fact,  Zone  Labs  Integrity™  is  the  distributed  firewall  solution  that  protects  data  and  productivity  by 
securing  vulnerable  remote  and  mobile  PCs.  So  whether  you  need  centrally  managed  security  or  a  stand-alone  solution,  Zone  Labs 
is  a  safe  bet  to  protect  your  entire  enterprise  network. 

To  see  how  your  company  measures  up,  complete  a  free  security  risk  assessment  at  www.zonelabs.com/securityROI  or  call 
us  at  1-877-876-4960.  Chances  are,  we  will  have  the  right  security  solution  for  your  needs. 


ZLDNE 


LABS 

SMARTER  SECURITY 


*  Source:  C8SNEWS.com.  Riptech  Internet  Security  Threat  Report.  2001.  ©  2002  Zone  Labs.  Inc.  All  rights  reserved.  The  Zone  Labs  logo  is  a  registered  trademark  of  Zone  Labs.  Inc.  Zone  Labs  Integrity  and  Smarter  Security  are  trademarks  of  Zone  Labs,  Inc 
Zone  Labs  Integrity  protected  under  U.S.  Patent  No.  5,987,61 1.  Reg.  U.S.  Pat  4  TM  Off.  v.080902 
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Dear  Career  Adviser: 

Ym  a  systems  administrator  with  20  years  of  experience, 
mainly  on  the  AS/400  platform.  In  addition  to  my  ad¬ 
ministration  duties,  I  program  in  both  Cobol  and  RPG 
IV.  What  new  skills  do  I  need  to  keep  pace  with  the  mar¬ 
ket  and  enhance  my  chances  for  advancement? 

—  Ann  Arbor  Alice 


Dear  Alice: 

You  should  consider  adding 
Linux  to  your  base  of  exper¬ 
tise,  according  to  Adam  Jol- 
lans,  manager  of  IBM’s 
Somers,  NY. -based  World¬ 
wide  Linux  Marketing  Strat¬ 
egy  Software  Group. 

Hardware,  software  and 
database  vendors  such  as 
IBM,  Sun  Microsystems  Inc., 
Hewlett-Packard  Co.  and  Ora¬ 
cle  Corp.,  as  well  as  govern¬ 
ment  and  commercial  end 
users,  are  moving  at  least  part 
of  their  operations  over  to 


Linux  as  a  way  of  reducing 
costs  and  expanding  vendor 
relationships  from  working 
with  just  one  to  taking  an 
open-source  approach. 

“IBM  invested  $1  billion 
and  has  nearly  recouped  that 
investment,  completing  4,600 
customer  engagements  and 
reaping  300  customer  refer¬ 
ences,”  notes  Jollans. 

Should  this  sort  of  move  be 
appealing  to  you,  first  visit 
www.ibm.com/servers/eserver 
/iseries/linux/,  since  IBM’s 
eServer  iSeries  platform  (for¬ 


merly  the  AS/400)  now  sup¬ 
ports  Linux.  Then  go  for  cer¬ 
tifications  from  the  Brampton, 
Ontario-based  Linux  Profes¬ 
sional  Institute  (www.  lpi.org) 
or  Raleigh,  N.C.-based  Red 
Hat  Inc. 

These  are  especially  good 
strategies  because  it  will  allow 
you  to  acquire  the  knowledge 
and  get  yourself  started  in  an 
area  that  puts  you  somewhat 
ahead  of  the  curve. 

“Linux  skills  around  IBM, 
HP  and  Sun  are  very  portable,” 
says  Jollans. 


Finally,  you  should  under¬ 
stand  that  while  moving  down 
this  new  path  will  certainly 
be  stimulating,  it  isn’t  entire¬ 
ly  risk-free,  and  it’s  best  to 
have  a  suite  of  in-depth  tech¬ 
nical  skills  that  all  build  on 
one  another. 

People  who  have  back¬ 
grounds  in  Linux,  Microsoft, 
Cisco,  DB2  or  Oracle  —  with 
experience  in  application  in¬ 
frastructure,  network  topology 
and  databases  —  can  make  six 
figures,  even  in  the  current 
economic  environment. 

For  a  look  at  the 
merits  of  a  Red 
Hat  certification 
vs.  a  vendor-neu¬ 
tral  one  from  the 
Linux  Profession¬ 
al  Institute,  check 
out  a  recent  salary 
survey  from  Com¬ 
puter  Reseller 
News  on  the  Web 
at  www.crn.com/ 
sections/special/ 
ssurvey/ssurvey02. 
asp?  ArticleID= 

35952. 


if  Dear  Career  Adviser: 

I  have  a  degree  in  computer 
science  and  have  worked  in  the 
video  game  field.  I  have  about 
four  years  of  experience  in  Web 
development,  but  I  would  like 
to  work  in  other  markets. 

—  Growing  Up 

Dear  Growing: 

Your  background  is  perfect 
for  developing  “immersive” 
interactive  virtual  reality  plat¬ 
forms  and  systems,  says  Lance 
Loesberg,  executive  vice  presi¬ 
dent  of  VirTra  Sys¬ 
tems  Inc.  in  Ar¬ 
lington,  Texas.  You 
will  want  to  show 
that  you  can  inte¬ 
grate  a  variety  of 
devices  that  ac¬ 
commodate  track¬ 
ing  capabilities 
and  develop  a 
360-degree  world. 
This  may  involve 
using  artificial  in¬ 
telligence,  comput¬ 
er  graphics,  sound 
or  3-D  tools.  I 


fran  quittel  is  an  expert 
in  high-tech  careers  and 
recruitment.  Send 
questions  to  her  at 

www.computerworld.com/ 

career.adviser. 


WORKSTYLES 

IT  Helps  Carlson 
Build  Relationships 


What  are  the  most  critical  sys¬ 
tems  supported  by  your  depart¬ 
ment?  “Our  company  designs 
and  executes  relationship 
marketing  programs  that 
allow  our  customers  to  build 
better  relationships  with  con¬ 
sumers,  partners  or  their  em¬ 
ployees.  My  group  develops 
and  supports  the  database 
and  applications  used  to  au¬ 
tomate  various  aspects  of 
those  programs.  We  support 
close  to  75  custom  applica¬ 
tions  for  various  clients  at 
any  given  time.  An  example 
might  be  a  consumer  loyalty 
program,  such  as  a  frequent- 
flier  program. 

“Our  business  operations 
staff  loads  all  the  consumer 


activity  onto  the  system, 
which  at  the  end  of  the 
month  generates  the  reports 
and  sends  out  statements  to 
all  the  program  participants. 
There’s  a  back-office  piece 
of  the  system  that  our  own 
internal  operations  staff  uses 
and  a  client-facing  piece  that 
is  viewable  through  the  Web.” 

How  would  you  describe  the 
pace  of  the  work?  “It’s  steady. 
We’ve  been  very  busy  this 
year,  and  the  challenge  is 
time  to  market.  The  time 
from  idea  to  execution  is 
very  short'.  Clients  don’t 
want  to  wait  months  to 
launch  a  new  marketing 
campaign.” 


How  would  you  describe  the 
overall  IT  culture  at  your  com¬ 
pany?  “We  do  have  our  own 
identity  as  a  group,  and  yet 
we  are  very  aligned  with  the 
business.  For  instance,  all  the 
IT  leaders  report  up  to  the 
respective  general  managers. 
And  all  of  our  IT  people  are 
co-located  with  operations 
and  administrative  people 
who  use  the  system.  When 
we  have  client  meetings, 

IT  is  typically  brought  into 
those  meetings.  They  know 


technology  is  a  major  com¬ 
ponent  of  the  value  we  bring 
to  the  client  program,  and 
they  want  our  input. 

“We  have  a  day  care  on 
campus,  flextime,  and  we 
provide  laptops  and  virtual 
private  network  connectivity 
for  people  who  need  to  work 
at  home. 

What  do  you  like  best  about 
how  career  advancement  and 
training  are  handled  at  your 
company?  “We  have  an  em¬ 


ployee  task  force  within  the 
IT  organization,  and  three 
years  ago,  the  group  came  up 
with  a  suggestion  to  offer  an 
on-site  master’s  of  software 
engineering  program  for 
people  who  might  be  inter¬ 
ested  in  getting  an  advanced 
degree.  We  worked  it  out 
with  the  University  of  St. 
Thomas,  and  we  not  only 
offer  it,  but  the  company 
pays  for  it. 

“Our  first  24  people  are 
graduating  in  December,  and 
we’ve  got  another  group  of 
about  20  halfway  through.” 

What  do  you  think  makes  your 
company’s  IT  department 
unique?  “People  get  the  op¬ 
portunity  to  work  directly 
with  clients  of  the  company. 
We  work  in  small  teams,  so 
you  also  get  exposed  to  all 
aspects  of  the  software  de¬ 
velopment  life  cycle  early 
in  your  career.” 

-MaryBrandel 

brandels@at1bi.com 


Carlson 
Marketing  Group 

Interviewee:  Bob  Keller,  senior  director  of  IT 

Type  of  business:  An  operating  group  of 
Minneapolis-based  Carlson  Cos.,  a  relation¬ 
ship  marketing  company  that  designs  mar¬ 
keting  solutions  such  as  performance  im¬ 
provement  and  consumer  loyalty  programs. 

Number  of  IT  employees:  150  in  the 

U.S.;  nearly  300  worldwide 


Dell  server  consolidation. 

Saves  money. 

Saves  space. 

Spells  doom  for  your  old  servers. 


* 


Dell  |  Enterprise 

Consolidate  with  Dell  and  you'll  need  to  find  a  new  use  for  your  old  servers. 

What  kind  of  server  consolidation  solutions  does  Dell  bring  to  your  enterprise?  Just  what  you'd  expect:  A  legendary  focus  on  you, 
the  customer,  that's  as  relentless  as  our  focus  on  driving  down  costs.  An  end-to-end  solution  that  saves  you  money  today  and 
tomorrow  by  delivering: 


Dell  PowerEdge"  Servers  use  Intel •  Xeon'1  Processors. 


«  Maximum  flexibility,  manageability,  value  and  price/performance.  Our  new  line  of  PowerEdge”  servers,  powered 
by  Intel®  Xeon®  processors,  that  consistently  rank  at  the  top  of  industry  benchmarks  such  as  TPC*  Collectively  lowering 
TCO  and  accelerating  time  to  ROI. 

«  Optimized  uptime/maximized  investment.  Dell's  new  systems  management  solutions  deploy  software,  tools  and 
services  which  simplify  and  automate  server  systems  administration.  Leveraging  your  IT  resources  and  maximizing 
your  IT  dollar. 

«  Server  consolidation  services.  Our  comprehensive  portfolio  includes  consolidation  readiness  assessment, 
consolidation  design  and  transformation,  customer  training  and  certification,  deployment  and  high  availability 
support  services. 

«  Flexible  financing  alternatives.  Dell  gives  you  a  variety  of  financing  avenues  designed  to  help  you  optimize  ROI. 


For  nearly  20  years,  we've  revolutionized  the  way  the  world  buys  and  manages  technology.  Now  find  out 
»»»  how  Dell's  direct  approach  can  revolutionize  your  server  consolidation.  To  learn  more  about  the  Dell  ROI  test. 


visit  www.dell.com/serverROI  or  call  us  toll-free  at  1-877-434-DELL. 


Flexible  solutions  that  can  cut  costs  today  and  tomorrow.  Easy  as 


DOLL 


Call  1-877-434-DELL  or  visit  www.dell.com/serverROI 


•Pei  TPCW 1 00.000  Item  Count  Results  lest,  June  2002.  Fot  more  information,  visit  w/av  tpc.org  TPC  and  TPC- W  ate  trademarks  ot  the  Transaction  Processing  Performance  Council.  Intel,  tire  Intel  logo  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidin' :  us 
in  the  United  States  and  other  countries.  Dell,  the  Dell  logo  and  PowerEdge  are  registered  trademarks  of  the  Dell  Computer  Corporation.  ©2002  Dell  Computer  Corporation  All  rights  reserved 
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IT  CAREERS 


It’s  like  having 

the  i  nsi  de  track  on 

all  the  hottest  tech  jobs, 

all  the  time. 


The  hottest  job  leads  you  can’t 
find  anywhere  else  are  all  right 
here.  That's  because  Dice  is  all 
tech  jobs,  all  the  time.  Get  the 
inside  track  on  the  best  tech 
jobs.  Go  to  dice.com  today. 


'  2002  Dice.com 
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Network  Service  Solatia 


NET2S  is  a  leading  International 
Consulting  and  Engineering  firm 
specializing  in  communications 
technologies.  We  are  presently 
seeking  to  fill  the  following  posi¬ 
tions: 


•  Sr.  Tibco  (RV,  Integration  Mgr) 
Developer 

•  TIBCO/TRIARCH  Systems 
Engineer 

•  Sr.  Security  Systems  Engineer 
All  positions  require  BS/MS 
degree  with  a  minimum  of  2  to  3 
years  of  experience  in  the  field. 
Must  possess  excellent  commu¬ 
nication  skills  as  well. 


NET2S,  82  Wall  Street  Suite  400, 
New  York,  NY  10005;  Fax:  (212) 
279-1960;  Phone  (2 1 2)  279-6565; 
or  Email:  iobus-nv@net2s.com 
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get  better 
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IT  CAREERS 


© 


careers 


You  can 
find  a 
better 

JOB 

with  one 
hand  tied 
behind 
your  back. 


Just  point  your 
mouse  to  the 
world’s  best 
IT  careers  site. 

Brought  to 
you  by 

Computerworld, 
Info  World  and 
Network  World. 

Find  out  more. 

Call  your 
ITcareers  Sales 
Representative 
or  Janis  Crowley, 
1-800-762-2977 


Where  the  best 
get  better 


PeopleSoft  Applications  Analyst 
wanted  by  Multi-Nat'l  Mktg  Com¬ 
munications  Co  in  Manh.  Pro¬ 
vide  PeopleSoft  tech  support; 
write  specs;  modify  existing  appis 
&  reports;  implement  upgrades. 
Bach  in  Comp  Sci  &  2yrs  exp  in 
job  offered  req.  Respond  to; 
JK/HR  Dept,  PO  Bx  4241 ,  GCS, 
NY  10163. 


Inertial  Sys  co  sks  Microcntrler 
S/W  Engineer.  Dvlp  Microcntrler 
SAW  using  debugger  for  serial 
comm,  of  inertial/rate  devices  w/ 
C,  C++,  C#  &  rate  table.  Req: 
2  yrs  exp  &  BS  in  CS/EE  Res: 
Inertial  Science  3533  Old  Conejo 
Rd  #  104,  Newbury  Park,  CA 
91320 


DATABASE  ADMINISTRATOR. 
Bachelor's  degree  or  foreign  de¬ 
gree  equivalent  in  Computer  Sci¬ 
ence,  Computer  Engineering,  or 
a  closely  related  field  required. 
Must  hold  three  years  experi¬ 
ence  in  database  administration 
using  Oracle  and  Oracle 
DRUMS  in  programming.  Work 
hours:  8  am  to  5  pm,  M-F.  Send 
resume  to  Natalyn-America's 
Collectible  Network,  Inc.,  10001 
Kingston  Pike,  Suite  57, 
Knoxville,  TN  37922;  Attn:  Job 
Code  DAB. 


Computer  Professionals  w/exp 
in  DELPHI,  Sybase,  SQL,  JAVA, 
Star/Team,  ERWin,  Dataflex,  MS 
SQL  Server,  ORACLE,  UNIX, 
LINUX,  HTML,  XML,  Windows 
97NT/2000.  Apply  to  T riple  Point 
Technology,  Inc.,  301  Riverside 
Avenue,  Westport,  CT  06880. 


Comp.  Oracle  Administrator 
Euro  Solutions  Group  dba  e: 
Solutions  Group  seeks  an  Oracle 
Application  Database  Adminis¬ 
trator  in  our  New  York,  NY  loc. 
Position  involves  all  DBA  activities 
including  system  development 
life  cycle,  data  analysis,  system 
design  and  dev't,  testing  +  im¬ 
plementation.  Support  global 
databases  on-site  +  remotely. 
Liaise  with  international  clients. 
Must  have  a  B.S.  in  Comp. 
Sci.  or  related  field  and  3  yrs  of 
relevant  exp.  Applicants  send 
resume  to  evolutions  Group, 
H.R.  Dept,  420  Madison  Ave., 
#1101,  New  York  NY  10017. 


Call  your 
ITcareers  Sales 
Representative 
or  Janis  Crowley. 

1-800-762-2977 


Principle  Software  Engineer:  A 
supplier  of  world  class  circuits  to 
world-known  PC  manufacturers 
is  seeking  a  Principle  Software 
Engineer  who  will  act  as  project 
leader  and  guide  junior  engi¬ 
neers  in  developing  drivers 
under  Win  98/me/2000  that  will 
handle  PnP  messages  and  pass 
the  WHQL  tests.  Req'd:  B.S. 
degree  in  Engineering.  Computer 
Science,  Information  Systems  or 
related  with  5  yrs  exp  in  the 
job  offered  or  as  Application 
Software  Developer.  Exp  w/USB 
driver  development  &  kernel-level 
debugging.  Exp  wAWin  OS  archi¬ 
tecture,  MS  SQL  Server  6.5, 
Visual  BASIC  &  C/C++.  Standard 
Microsystems  Corp.,  11000  N. 
Mopac  Expressway,  Stonelake 
Bldg.  6,  Austin,  TX  78759;  Attn: 
Rick  Karl. 


Software  Engineer  wanted  to 
perform  data  storage  software 
design,  development,  and  main¬ 
tenance,  system  documentation 
and  related  duties.  MS  in  Com¬ 
puter  Science  and  2  yrs  related 
experience  required.  Send 
resume  to  Data  Reliability  Inc. 
3895  Metro  Drive,  Jackson,  MS 
39209. 


Support  Analyst,  Information 
Technology  Company  -  Provide 
technical  support  to  clients  for 
company's  proprietary  software 
applications;  maintain  customer 
support  database;  test  new 
products.  B.S.  in  Computer 
Sciences  or  related  field.  Salary 
commensurate  with  exp.  40 
hrs/wk,  8  AM  -  5  PM,  M-F.  Mail 
resume  to:  Info  Tech,  Inc.,  5700 
SW  34th  Street,  Gainesville,  FL 
32608. 


Prog/Analysts  to  analyze,  design 
/develop  appis  using  Java, 
HTML,  Javascript,  UML,  XML, 
Oracle,  Dev  2000,  Designer 
2000,  Rational  Rose,  under 
Windows,  Unix  and  Solaris  envi¬ 
ronments;  perform  business 
collaboration,  process/data 
modeling  using  SDLC/OOPS. 
BS  or  foreign  equiv  &  2  yrs  exp 
in  IT.  High  salaries,  F/T.  Travel 
involved.  Resumes  to  Bahwan 
Cybertek  Technologies,  Inc.  209 
West  Central  Street,  Suite  312, 
Natick,  MA  01760. 


♦ 


Programmer  Analysts  needed. 
Seeking  qualified  candidates 
possessing  2  yrs  of  college  or 
equiv.  and  2  years  work  exp. 
using  Progress  Database,  Unix 
and  EDI  procedures.  Duties 
include:  Design,  study,  code  and 
test  software  systems  and  pro¬ 
grams.  Write  programs,  interfaces, 
and  EDI  procedures.  Work  with 
Unix,  VB,  Symix,  and  Autocad. 
EOE.  Mail  res.,  ref.  and  Sal.  Req. 
to  Attn:  Human  Resources,  C. 
Lee  Cook,  A  Dover  Resource 
Company,  916  S.  8th  Street, 
Louisville,  KY  40203. 


Infowave  Systems,  Inc,  an  IT 
consulting  firm  in  Wilmington, 
Delaware  is  seeking  individuals 
for  the  following  positions  to  work 
at  client  sites  throughout  the  US: 

Programmer  Analyst-  requires  2 
yrs  exp  in  software  development 
and  B.S.  in  Computer  Science 
or  related  field.  Must  have  exp 
using  Oracle  RDBMS,  PUSQL, 
Forms,  Reports,  Database  tuning, 
Oracle  Application  Modules, 
Shell  Scripts  on  Unix  and  Win¬ 
dows. 

System  Analyst-  requires  2  yrs 
exp  in  Software  Systems  Analysis 
and  Architecture  with  B.S.  in 
Computer  Science  or  related 
field.  Must  have  exp  using  Ratio- 
nalRose,  UML,  and  Used  Cases. 
Programming  experience  in 
Internet  Technologies  on  NT  and 
UNIX. 

Programmer  Analyst  (SAP  and 
Internet):  2  yrs  exp  in  imple¬ 
menting  web  enabled  modules, 
particularly  SD/MM,  utilizing 
SAP  SD/MM  Ver.  4.0  above, 
CRM,  HTML,  JavaScript,  PERL, 
ARIS,  MS  Project  and  RDBMS 
and  B.S  Computer  Science  or 
related  field. 

Apply  to:  Infowave  Systems, 
1701  Shallcross  Avenue,  Suite 
B-6,  Wilmington,  DE  19806. 


Marketing  Director  for  computer 
printer  technologies  company 
located  in  Chantilly,  Virginia. 
Minimum  two  years  experience 
directing  the  marketing  activities 
of  a  computer  printer  technologies 
company,  including  researching 
and  identifying  new  technical 
requirements  and  specifications 
for  products,  communicating 
strategic  and  tactical  product 
requirements  to  engineering, 
working  with  engineering  to 
develop  new  product  features, 
researching  potential  target 
markets  for  products,  developing 
pricing  strategies  to  maximize 
market  share,  directing  and 
administering  company  market¬ 
ing  program,  and  directing  and 
managing  the  creation  of  new 
product  collateral.  The  position 
is  located  in  Chantilly,  Virginia 
with  25%  domestic/intemational 
travel.  Send  resume  to  Human 
Resources,  Genicom,  LLC,  1 
Solutions  Way,  Waynesboro, 
Virginia  22980. 


Senior  Systems  Consultant  - 
recommend  systems  solutions  & 
implementation;  develop,  track  & 
manage  project  plans;  perform 
functional  consultation  for  cus¬ 
tomers  &  clients;  prepare  complex 
recommendations  &  proposals; 
analyze,  design,  develop,  code, 
test  &  implement  systems  software 
utilizing  knowledge  of  &  exp.  w/ 
Vantive,  Oracle  7.X/8.X,  PL/SQL, 
VBScript,  Unix  Shell  Scripting, 
Developer  2000  &  HP-UX;  tune 
&  troubleshoot  current  technical 
applications  &  systems  software; 
lead  teams  of  systems  consul¬ 
tants,  analysts  &  programmers; 
Requires  BS  (or  MS)  in  computer 
science,  information  systems  or 
engineering,  plus  6  YR  related 
exp.  (4  YR  exp.  with  MS).  Please 
apply  online  at  http;//www. 
bellhowell.com/mmt/careers 

/1530.shtml  or  email  to  resume 
durham@bellhowell.com. 

Please  reference  Requisition 
#100V 


Software  Engineer  -  Williamsport, 
PA.  Experience  in  design  and 
development  of  applications 
using  SAP  ABAP/4,  Oracle,  Visual 
Basic,  C++  and  Unix.  Relocation 
within  USA  Possible.  Attractive 
compensation  package.  Send 
resume  to  Supriya  Palayekar, 
Palayekar  Companies,  Inc., 
1959  East  Third  Street, 
Williamsport,  PA  17701. 


Radiant  Systems,  Inc.  a  Nation¬ 
wide  Technology  provider  located 
in  NJ,  CT,  TX  &  FL  req  Computer 
Professionals  with  Hardware 
and/or  Software  skills  including 
C,  C++.  Java,  Java  Scripts,  Perl, 
HTML,  SQL,  Pro’C,  Visual  Basic, 
Visual  C++,  Gupta-SQL.  Power- 
builder  Crystal  Reports,  MFC, 
Windows  SDK,  Oracle,  Informix, 
Sybase,  Developer  2000,  Lotus 
Notes,  Lotus  Script,  Unix,  Win¬ 
dows  NT,  Windows  97,  Real 
Time  Embedded  System  HP- 
Unlx,  Admins,  Sun  OS,  Help 
Desk/PC-Support,  SAP,  R/2- 
R-3,  ABAP/4,  SAP  Scripts,  JD 
EDWARDS,  PL/5,  PEOPLESOFT, 
COBOL/  CICS/DBS,  IDMS, 
AS/400,  MVS,  RPG/  400  Win 
Runner,  Load  Runner,  MS-  Test, 
SQA  Suite,  SNMP,  RTOS,  COR- 
BA,  ASP,  Active-X,  DTM/TDMA, 
FDMA,  Routers,  ATM  Switch, 
DSP/  ATM,  FRAME  RELAY, 
TCP/IP,  ISDN,  COM,  DCOM, 
ASP,  SAS,  DSOS,  VS  WORK, 
Assembly  Aries,  Designer,  Hard¬ 
ware  Architecture,  VHDL, 
SONET/SDH,  SNMP,  HP  Open- 
view,  Map  Info/Arc  Info  Project 
Managers,  Technical  Writers. 
Candidates  w/a  BS  (or  equiv)  & 
2  yrs  exp.  as  Programmer  Analyst 
and/or  MS  (or  equiv)  &  1  yr  exp. 
as  Software  Engineer. 

Excellent  Benefits 

Apply  to:  E-Mail:  RADIANTS 

@  RADIANTS.COM 

Attn:  Human  Res.  Dept.,  107  a 

Corporate  Blvd,  S.  Plainfield,  NJ 

07080. 


Unix  System  Administrator  for 
many  flavors  of  Unix  incl.  Compaq 
Tru64  Unix,  Sun/Solaris  &  Linux. 
Maintain  h/ware  reqd  for  all  flavors 
of  Unix  servers  &  workstations. 
Provide  &  maintain  developmen¬ 
tal  &  teaching  tools  &  utilities 
needed  to  support  academic  com¬ 
puting.  Maintain  Directory,  Email 
&  Web  sves  needed  for  admin 
computing.  Other  responsibilities 
incl:  s/ware  installation/upgrades, 
documentation  dvlpmt,  perfor¬ 
mance  tuning,  backup  &  recovery, 
troubleshooting  &  consulting 
w/vendors  &  developers,  capaci¬ 
ty  planning,  configuration  mgmt, 
user  support.  Will  work  closely 
w/n/work  administrators, 

Helpdesk  staff  &  campus  facul¬ 
ty/staff.  Responsible  for  day-to- 
day  maintenance  &  backup  of  all 
systems  &  applies.  Coord  student 
technicians  in  processing  of  new 
accts  &  user  system  access/se¬ 
curity.  Reqs  demonstrated  ability 
to  manage  file  system  &  support 
educational  community.  Bach  in 
Comp  Sci  &  2  yrs  exp  specific  to 
position  reqd.  Must  be  well  versed 
in  Unix  shell  scripting,  C/C++, 
Perl,  TCP/IP  &  client/server, 
N/work  Svcs:  DHCP,  DNS,  Send- 
mail,  NFS.  NIS,  Radius,  FTP,  Web 
&  MS  Office.  Knowl  of  WinNT  &/or 
VAX  VMS,  LDAP  (Oracle,  Cisco 
routers)  a+.  Qualified  persons 
should  send  Itr  of  application,  cur¬ 
rent  vita  &  3  refs  to  Diana  Catley, 
HR  Dept,  Ref #867,  Ramapo  Col¬ 
lege  of  NJ,  505  Ramapo  Valley 
Rd,  Mahwah,  NJ  07430-1680  or 
email:  dcatley@ramapo.edu 


HRMS  Customization  Software 
Engineer-  Cordova,  Tennessee 
Part  of  a  team  responsible  for  the 
analysis,  design  &  customization 
/modification  of  PeopleSoft  HRMS 
system  in  an  Oracle  &  UNIX 
environment.  Will  utilize  People- 
Soft  version  8  technologies  in¬ 
cluding  PeopleTools,  Application 
Engine  &  SQR  to  customize  &/or 
write  batch  processes.  Must 
have  a  BS  degree  or  equivalent 
with  major  field  of  study  in  Comp. 
Sci,  Engineering  or  related  field. 
Must  have  3  yrs  of  exp.  in  the  job 
offered  or  3  yrs  of  exp.  in  a  posi¬ 
tion  involving  PeopleSoft  HRMS 
customization/modification  in  an 
Oracle  &  Unix  environment.  Exp. 
mentioned  may  have  been 
obtained  concurrently  &  must 
include  2  yrs  of  exp.  working  with 
PeopleSoft  version  8,  including  1 
year  of  exp.  each  in  PeopleTools, 
Application  Engine  &  SQR.  Must 
have  legal  authority  to  work 
in  U.S.  Please  send  resume  to 
S.  Muhammad,  Union  Planter's 
Corporation,  7130  Goodlett 
Farms  Parkway,  Cordova,  TN 
38018. 


Senior  Software  Engineer  - 
analyze,  design,  develop,  test  & 
implement  eGovernment  appli- 
cation&tproducts  using  knowl¬ 
edge  of  &  exp.  w/  RDBMS  (Oracle, 
MS  SQL  Server),  Unix  Shell 
Script,  Unix  Utilities  (lex,  yacc, 
awk).  Java,  JavaScripts.  Java 
Swing,  JDBC.  Pro*C,  C++,  C, 
Unix  (Sun  Solaris)  &  Windows 
2000/NT;  manage  on-site  & 
remote  development  teams. 
Requires:  Web  &  Application 
server  use  &  maintenance  exp.; 
BS  (or  MS)  in  computer  science 
or  information  systems  +  7  YR 
related  exp.  (5  YR  w/  MS);  atleast 
2  YR  exp.  in  eGovernment 
applicatons.  Interested  candidates 
e:mail  resumes  to  kroehling 
@  nicusa.com. 


Software  Engineer  Needed  to 
develop  middle-ware  components 
for  real-time  management  and 
testing  of  various  network  de¬ 
vices  utilizing  a  common  platform 
to  manage  CDMA,  TDMA,  GSM 
and  other  environments.  MS 
in  C.  Science  or  related  field  & 
programming  experience  in 
Java,  XML,  CORBA,  Visibroker 
required.  Send  resumes/salary 
history  to:Alexander  Gavrilov, 
SoftTrend,  Inc.,  6160  N.  Cicero, 
Suite  124,  Chicago,  IL  60646. 


Principal  Software  Engineer  will 
design,  develop  and  maintain 
software  using  COM/DCOM  on 
NT/2000  platform  for  middle-tier 
of  a  3-tier  architecture  for  Com¬ 
pany's  Fixed  Income  division. 
Will  deploy  and  administer  com¬ 
ponents,  written  with  programming 
languages  (Java,  C++,  Visual 
C++,  Visual  Basic,  C#),  under 
application  servers:  MTS  and 
COM+.  Will  use  JDBC/OLEDB 
for  accessing  data  from  data¬ 
base  (Sybase  and  AS400).  Will 
also  write  ASP  pages  using 
VB  Script  and  Java  Script  and 
deploy  them  under  IIS.  Requires 
Bachelor’s  or  equivalent  in  Com¬ 
puter  Science,  Engineering, 
Mathematics,  Business,  Statistics, 
or  Physics,  plus  five  (5)  years 
experience  in  Job  Offered  OR 
five  (5)  years  experience  in  3- 
tier  client/server  architecture 
OR  Master’s  or  equivalent  in 
Computer  Science,  Engineering, 
Mathematics,  Business,  Statistics, 
or  Physics,  plus  three  (3)  years 
experience  in  Job  Offered  OR 
three  (3)  years  experience  in  3- 
tier  client/server  architecture. 
Candidate  must  also  possess 
demonstrated  expertise  devel¬ 
oping  and  deploying  Middleware 
using  COM,  DCOM,  MTS,  and 
COM+;  demonstrated  expertise 
programming  in  Java,  C++,  and 
Visual  Basic;  and  demonstrated 
expertise  programming  Sybase 
connectivity.  Salary:  $75,700/ 
yr,  M-F,  9AM-5PM.  Send  2 
resumes  to  Case  #2002-402, 
P.O.  Box  989,  Concord,  NH 
03302-0989.  EOE.  Applicants 
must  be  U.S.  workers  eligible  to 
accept  full-time  employment  in 
U.S. 


COMFORCE  Information  Tech¬ 
nologies,  a  leading  technical 
staffing  company  currently  seeks 
applicants  for  the  following  posi¬ 
tions  in  its  Duluth  offices:  Senior 
Systems  Analyst.  Applicants 
for  this  position  must  have  a 
bachelor's  in  computer  science, 
engineering,  or  related  field  plus 
five  years  of  experience  in  pro¬ 
gramming  and  coding  with 
PL/SQL  and  SQL  Server  to 
include  three  years  experience 
programming  and  coding  with 
HTML,  Java  and  JavaScripts. 
For  consideration,  please  forward 
your  resume  and  letter  of  interest 
by  mail  to:  COMFORCE  Infor¬ 
mation  Technologies,  Resource 
Manager,  6470  East  Johns 
Crossing,  Suite  170,  Duluth,  GA 
30097.  Do  not  email  resumes. 
EOE 
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Systems  Administrator  II.  Senior 
Standard  &  Poor's  is  seeking 
resumes  for  the  position  of 
Senior  Systems  Administrator  II 
to  work  in  Englewood,  CO.  This 
position  acts  as  a  technical  advi¬ 
sor  in  the  administration  of 
an  enterprise  production  UNIX 
environment  consisting  of  net¬ 
worked  servers  and  workstations. 
Is  responsible  for  hardware,  soft¬ 
ware,  operating  systems,  config¬ 
uration  planning,  installation, 
maintenance,  technical  support, 
capacity  and  performance  moni¬ 
toring,  disk  optimization,  file  sys¬ 
tem  integrity;  system  tuning,  and 
troubleshooting.  Designs  sys¬ 
tems  and  oversees  installation  of 
hardware  and  software.  Provides 
technical  support  to  staff.  Man¬ 
ages  system  security  and  system 
resources.  Conducts  evaluations 
and  recommends  software  and 
hardware  products.  Ensures  cre¬ 
ation  and  implementation  of  sys¬ 
tem  backup  and  recovery.  De¬ 
signs,  programs,  and  implements 
system  utilities  and  scripts.  Es¬ 
tablishes  and  enforces  stan¬ 
dards.  Serves  as  project  manag¬ 
er.  Approves  decisions,  delegates 
responsibilities,  assigns  tasks, 
and  supervises  other  system  ad¬ 
ministrators  and  technical  sup¬ 
port  personnel. 

Minimum  requirements:  bache¬ 
lors  degree  in  computer  science, 
information  systems,  engineer¬ 
ing,  or  related  field,  including  eco¬ 
nomics;  three  years  of  experi¬ 
ence  in  systems  administration; 
and  comprehensive  working 
knowledge  of  UNIX  Solaris  oper¬ 
ating  system,  a  wide  variety  of 
third-party  tools,  communication 
protocols,  and  a  broad  knowl¬ 
edge  of  computer  systems  hard¬ 
ware,  software,  operating  sys¬ 
tems,  and  utilities. 

Please  send  resumes  by  mail  to 
Kathy  Slabach,  Job  Reference 
No.  DW82002,  7400  S.  Alton 
Court,  Englewood,  CO  80112. 
Standard  &  Poor's  is  an  equal  op¬ 
portunity  employer 


PS  Info  Tech,  LLC,  a  Colorado 
Springs,  Colorado,  software 
development  and  consulting 
company,  seeks  applications  for 
the  position  of  Programmer/ 
Analyst.  Engage  in  full-life  cycle 
software  development  in  an  IBM 
mainframe  environment.  Use 
COBOL,  REXX,  and  C  program¬ 
ming  language,  SAS  reporting 
language,  CICS,  GUIs,  JCL,  CA- 
7  and  CSP  development  tools, 
and  other  languages  and  tools  in 
the  development  and  consulting 
process.  The  position  which  is 
located  in  Colorado  Springs, 
requires  a  bachelor's  degree  or 
foreign  equivalent  in  computer 
science,  engineering,  or  a  related 
field,  including  mechanical  engi¬ 
neering;  two  years  of  software 
development  experience  in  an 
IBM  mainframe  environment, 
and  working  knowledge  of  CSP, 
CA-7,  SAS,  and  C  programming 
language.  Please  send  resumes 
by  mail  to  PS  Info  Tech,  LLC, 
5152  Prairie  Grass  Lane, 
Colorado  Springs,  CO  80922. 


♦ 


Analyst:  The  Trane  Company,  a 
manufacturing  and  sales  company 
is  seeking  a  Lead  Development 
Analyst  to  analyze  company 
financial  service  operations  and 
existing  Risk  Management  Sys¬ 
tems  in  its  La  Crosse  Wisconsin 
office.  Qualified  candidates  must 
have  a  Bachelor's  Degree  in 
Computer  Science,  at  least  5 
years  experience  as  a  Software 
/Systems  Engineer  or 
Programmer  Analyst,  extensive 
experience  with  Powerbuilder, 
Powerbuilder  Foundation  Class 
and  Power  Tool,  3  years  experi¬ 
ence  with  application  develop¬ 
ment  using  Oracle,  and  2  years 
experience  working  with  con¬ 
struction  industry  risk  manage¬ 
ment  practices.  Interested  appli¬ 
cants  should  mail  resumes  and 
salary  requirements  to  Ms. 
Kathy  Reynolds.  Ref.  ft  ML1 000 
at  3600  Pammel  Creek  Road,  1 7- 
2,  La  Crosse,  Wisconsin  54601 . 
An  equal  opportunity  employer. 


Sr.  Site  Research  Analyst  wanted 
to  research  and  develop  com¬ 
plex  world-wide  web  servers. 
Bachelor's  degree  in  Computer 
Science  and  3  years  experience 
required.  Send  resume  to  Yo- 
dlee,  Inc.,  3600  Bridge  Parkway. 
#200,  Redwood  Shores,  CA 
94065. 

SAP  H.R.  APPLICATIONS 

CONSULTANT,  8am-5pm,  Re¬ 
search,  develop  and  design 

computer  software  systems  as 

they  relate  to  HR  management 

functions  such  as  payroll,  bene¬ 
fits  and  time  management.  Re¬ 
quired:  proficiency  with  SAP  HR 

and  SAP  ABAP/4,  ASAP  Cert., 

B.S.  in  IT  or  related  field,  or 

equiv.  Cedar  Inc.,  Send  Resume: 
glenda.soderstrom  @  cedar.com 

or  fax:(410)752-2879. 

Software  Engineers  (Idaho  Falls): 
Design,  develop,  test  and  imple¬ 
ment  specialized  multi-country, 
multi-site,  ERP  and  CRM  appli¬ 
cations  in  JD  Edwards  One 
World  XE  and  related  tools, 
XML,  VB,  SQL,  and  Windows. 
MS,  Sc./Engg.  and  3  yrs.  exp.  in 
job  offered  or  BS,  Sc./Engg.  and 
5  yrs.  progressive  post  bac¬ 
calaureate  exp.  reqd.  (or  foreign 
equiv.)  Prevailing  wage/benefits. 
Melaleuca,  Inc.,  Attn:  Human 
Resources,  3910  South  Yellow¬ 
stone  Highway,  Idaho  Falls, 
Idaho  83402.  No  phone  calls 
please.  EOE. 

Programmer/Analyst  (Newark, 
DE)-Analyze,  design,  program 
&  implement  advanced  comp, 
applications  for  Web  Based 
Drug  Tracking  Systems  using 
program  devplmt  tools.  Define 
req.,  test  &  implement  systems. 
Req.  Bachelors  in  Comp.  Sci., 
Technology,  Pharmacy,  MIS, 
Statistics  or  Engg  (any  field)  plus 

1  year  exp.  in  job  offered.  Con¬ 
tact:  International  Systems  Tech¬ 
nologies  Inc.,  1812  Front  Street, 
Scotch  Plains,  NJ  07076. 

SOFTWARE  DEVELOPER  - 

LUMEDX  has  an  opportunity 

for  a  Software  Developer. 

Requires  BSCS  or  equiv. 

Send  resume  to:  employment 

@  lumedx.com.  EOE 

Manager,  Software  Developer 

sought  by  NJ  based  Securities 

Dealer.  Must  possess  Bachelor's 

degree  or  equivalent  in  Computer 

Science  or  directly  related  field 

and  5  years  exp.  in  software/sys¬ 
tems  development  and  design. 

Respond  to:  Human  Resources 

Department:  Knight  Trading 

Group,  Inc.,  525  Washington 

Blvd.,  Jersey  City,  NJ  07310. 

Venturi  seeks  Prog./Analyst 
for  Kirkland,  WA  office.  DESC: 
Prov.  comp.  sys.  consult,  to  max. 

I. S.  efficiency.  Anlyz.  bulk  data  for 
migration  into  CRM  sys.  Dsgn, 
dev,  &  impl.  RDBMS  &  web 
based  &  distrb.  tools  &  s/w  util. 
SQL,  VB,  ASP,  VBScript,  JScript, 
Win.  o/s.  Config.  &  maint.  corp. 
web  servers.  REQ:  BS  in  Engr, 
CS,  Math,  or  Physics  +  2  yrs. 
exp.  dsgn,  dev,  &  impl  RDBMS  & 
distrb.  tools  &  aps.  util.  SQL,  VB, 
ASP,  VBScript,  JScript,  Win.  o/s. 
Prem.  sal.  +  benes.  Pis.  reply  to 

J.  King,  Job#  VT-102,  11255 
Kirkland  Way,  Kirkland,  WA 
98033. 

Programmer:  Responsible  for  soft¬ 
ware  project’s  requirement 
collecting  &  analysis,  preliminary 
and  detailed  design,  coding,  test¬ 
ing,  writing  documents  and  on-site 
implementation,  user  support  and 
further  improvement  in  cattle  in¬ 
dustry.  Plan ,  manage  and  track  the 
schedule  of  whole  development 
cycle  and  analyze  the  feasibility  of 
project.  Provide  consultation  to 
user  and  development  staff.  Req. 
BS  or  equivalent  in  CS  or  CIS  with 
nine  months  exp.  in  job  offered  or 
programmer  analyst.  Must  be  pro¬ 
ficient  in  CIS  Management  Sys¬ 
tem,  EID  Reader,  Visual  Stu- 
dio.NET,  XML  and  RationalRose. 
$52,000.00/yr,  40/wk,  9-5.  Send 
resume  to  LOR,  Inc.  at 
wlam  @  rrrassociates.com. 

Analyst  (network  systems  & 
data  communications)  -  perform 
analysis,  design,  testing,  evalua¬ 
tion  etc.  of  LAN/WAN  &  other  sys¬ 
tems,  Research  &  recommend 
proper  hard-/software  to  users. 
Maintain,  troubleshoot  &  assist 
users  w/  programs  &  implemen¬ 
tations.  Resolve  technical  issues. 
Coordinate  overseas  offices  w/ 
user  requirements,  design,  devel¬ 
op  &  solutions.  Requires:  BS- 
Computer  Science  (  or  equiva¬ 
lency);  Microsoft  Technologies 
Certification;  2yrs  exp  in  comput¬ 
er  software  solution  develop¬ 
ment.  $36K/yr  (  40hrs/wk).  Apply 
with  CV  to:  Sri  Vepa,  Systems 
Hardware  Inc.  661  Brea  Canyon 
Road,  Suite  5  Walnut,  CA  91789 

Programmer  Analysts  needed. 
Seeking  qualified  candidates 
possessing  BS  or  equiv.  and/or 
rel.  work  experience.  Duties 
include:  Designing  programs  to 
merge  purge  maintain  and  inte¬ 
grate  databases;  designing, 
developing  and  maintaining 
company  website;  providing 
technical  support  for  customers 
and  creating  front-end  user 
applications.  Exp.  must  include 
two  years  working  with  Visual 
Basic,  MS  Access  and  Crystal 
Reports.  Mail  res.  ref.  and  sal. 
req.to:DataListerlnc.,  1595  NW 
1st  Court,  Boca  Raton,  FL 
33432. 

where  the  best  get  better 
1-800-762-2977 


Database  Administrators  needed: 
Several  senior  level  positions 
available  for  qualified  candidates 
possessing  relevant  work  expe¬ 
rience.  Part  of  the  relevant  work 
experience  must  include  2  years 
working  with  Peach  Tree.  Duties 
incluCtepustomizinjgjlnplementing 
and  deploying  various  software 
programs;  Setting-up,  monitoring, 
maintaining  and  troubleshooting 
databases.  Work  with  2  of  the 
following:  Peach  Tree,  Oracle, 
FoxPro  and  Windows  NT.  Mail 
resume,  references  and  salary 
requirements  to:  AMG  Stars  Inc., 
4350  S.  Halsted,  Chicago,  IL 
60609. 


Programmers,  Jr.  Programmers, 
Software  Engineers:  Design, 
develop,  test  and  implement 
specialized  applications  in  (1) 
COBOL 78  &  85,  DMSII,  Dargal, 
Bl  Source,  BLDIST,  BLSched, 
ICD,  Tads,  MS  Access,  DB2, 
Cics,  People  Tools  and  SQL;  (2) 
Oracle  8i,  MS  Access,  C,  C++, 
Java,  VB,  Arc  Info,  View,  FM, 
Maplnfo,  Dream  Viewer,  Bench¬ 
marking,  Six  Sigma  and  SQC 
Tools;  (3)  Sybase,  Java,  C++, 
COBOL,  CORBA,  Visibroker, 
MQ  Series,  Rational  Rose,  BEA 
Weblogic,  and  IBM  Websphere. 
Prevailing  wage/benefits.  Send 
resume  to  Attn:  Raja  Narreddy, 
Quantum  Infotech,  Inc.,  30600 
Telegraph  Road,  Ste  2220,  Bing¬ 
ham  Farms,  Ml  48025.  EOE. 


Need  Programmer  Analysts,  Sr. 
Programmer  Analysts,  Software 
engineers,  DBAs,  Tech  Market 
Analysts,  Budget  Analysts,  QA 
Analysts,  Experience  sought  in 
SAP,  VB,  Java,  ASP,  Database 
Administration,  Peoplesoft,  Oracle, 
QA  tools  and  Technical  writing. 
Requirements  and  Salary  vary 
depending  upon  position:  All 
positions  require  a  minimum  of 
a  Bachelor’s  degree  and  experi¬ 
ence.  Must  be  willing  to  travel/ 
relocate  if  necessary.  We  offer 
salary  commensurate  with  skills 
and  a  desirable  employee  bene¬ 
fits  package.  Please  submit  a 
letter  of  interest  and  resume  to: 
resumes  @  svncrotechnoloaies. 

com.  Syncro  Technologies,  Inc. 


SOFTWARE  ENGINEER:  An 
Internet  Solutions  Developer  for 
Global  Capital  Markets  is  seeking 
a  Software  Developer  who  will 
design,  develop  &  maintain  large 
scale  web-based  financial  IS 
for  ASP/Service  Bureau  deploy¬ 
ment.  Req'd:  BS  degree  in 
CompSci  or  related.  Min  2  yrs 
exp  in  the  job  or  as  JAVA  Pro¬ 
grammer/Developer.  Must  have 
delivered  &  supported  multi¬ 
tiered  real-time  web-based  client 
server  application  serving  the 
financial  services  industry  in 
an  ASP  environment.  Must  have 
exp  w/JAVA,  J2EE,  C++,  XML, 
Oracle  RDBMS  &  WinNT  tech¬ 
nologies.  Send  resume  to:  HR, 
CrossBorder  Exchange  Corp., 
1410  Broadway,  #2700,  NY 
NY  10018.  REF#BM0023.  PLS 
INDICATE  REF#. 


♦ 


Software  Engineer.  Design/ 
implement  healthcare  apps  in 
the  development  of  Disease 
management  systems  using  VB, 
ASP,  VBScript,  ADO,  XML, 
COM+,  HTML,  IIS,  SQL  Server 
7.0/2000,  Visual  Interdev  6, 
Visual  Source  Safe  Windows 
2000.  Prevailing  wage/benefits. 
Send  resume  to  Attn:  Marty 
LeMasuvier,  Matria  Healthcare 
Inc.,  1850  Parkway  Place,  12th 
Floor.  Marietta,  GA  30067. 


Software  Engineer  to  analyze, 
develop,  test,  implement  &  main¬ 
tain  customized  B2B,  B2E,  B2C 
applications  in  a  client/server 
environment  in  different  plat¬ 
forms  (Unix  and  Windows  NT)  & 
databases.  Use  Web  Sen/ices. 
SOAP,  XML,  JSP,  Custom  Tags, 
&  Java  Servlet  according  to 
J2EE  spec  and  C++  implement¬ 
ing  object  oriented  artifacts  & 
design  patterns  to  perform  duties. 
Must  have  MS  in  Computer 
Science  plus  three  years  of 
experience  in  similar  duties. 
Send  resume/cover  letter  to: 
Adel  Santos,  DeepBridge  Content 
Solutions,  61  Broadway,  Suite 
800,  New  York,  NY  10006, 


Software  Design  Engineer  for 
Miami  to  design  and  develop  a 
web  based  Customer  Relation 
Management  (CRM)  and  financial 
analysis  software  localized  in 
Dutch  and  Afrikaans.  Full  time 
position  M-F  offers  good  salary. 
Applicants  with  5  years  related 
experience  and  working  knowl¬ 
edge  of  Microsoft  Visual  Basic 
6,  Visual  C++,  Active  Server 
Pages,  DHTML  and  Java  Script, 
send  resumes  only  to  Mario 
Cabrera,  Human  Resources, 
SunGard  Insurance  Systems 
2000  S.  Dixie  Hwy.,  Miami,  FL 
33133. 


Manager,  3D  Appl.  Rsrch  Group, 
wanted  for  mfgr  of  computer 
components.  Req.  B.S.  in  E.E. 
or  related  scientific  discipline 
plus  8  yrs.  tech,  devlpmt/mgmt 
exp.  in  comp,  graphics  industry. 
Reply  to  K.B.,  H.R.  Dept.,  ATI 
Research,  Inc.  62  Forest  St., 
Marlboro  MA  01752. 


■ 


Forum  Systems  currently  has 
opportunities  in  Sandy,  UT  for 
the  following  positions 

‘Software  Engineers 
(Consultants)* 

‘Must  be  available  to  travel  to 
various  and  unanticipated 
worksites  throughout  the  U.S. 

Positions  require  Bachelor's  in  CS, 
Engineering,  or  related  field  and 
3  years  of  software  engineering 
experience.  Experience  must 
include:  1)  XML,  2)  TCP/IP,  3) 
Linux  and  4)  Java 

For  consideration  forward  your 
resume  to: 

Zak  Farrington 
Forum  Systems 
45  West  10000  South 
Ste.  415 

Sandy,  UT  84070 
(No  phone  cails) 
www.forumsys.com 


Dir  of  Development  to  provide 
tech  leadership  to  analyze, 
design,  implement  appls  using 
Delphi,  Java,  VB,  ERWin  on 
Windows;  manage  databases 
using  Oracle.  D2K,  MS  Access, 
SQL;  interact  with  users  to  gather 
reqs;  review  project  requests 
and  prioritize;  assign,  direct, 
manage  development  team; 
plan/execute  QC  policies.  Req: 
MS  in  CS  /  Engg.  (any  branch) 
with  3  yrs  exp  in  job  offered  or 
BS  or  foreign  equiv  in  any 
of  above  &  5  yrs  of  relevant 
progressive  exp.  High  salary.  F/T. 
Resume  to  HR.  Get  Proof,  Inc., 
3050,  Royal  Blvd  South.,  Ste 
195,  Alpharetta,  GA  30022 


MILLIONS  OF 
READERS 

MILLIONS  OF 
SURFERS 


ONLY 
THOUSANDS 
OF  DOLLARS 

TOTAL  IMPACT 
TOTAL 
SAVINGS 

Put  your  message  in 
IT  careers  and 
ITcareers.com  and 
reach  the  world’s 
best  IT  talent. 


ITcareers 

where  the  bast  get  belter 
1-80D-782-2977 
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IT  CAREERS 


Luckily,  We 
Are  Too! 

For  the  most  up  to 
date  opportunities 
and  coverage,  stay 
tuned  in  with  us. 

ITcareers 

where  the  best  get  better 

1-800-762-2977 


The  World 
Of  Work  Is 
Changing 
Every  Week. 


V  GROUP  INC. 

Software  &  consulting  company 
seeks  qualified  professionals 
(Bachelor's  degree  +)  for  nation¬ 
wide  positions 

Programmer  /  System  Analyst 
Web  Developers  (Java,  coldfusion, 
ASP) 

Web  Masters 

ERP/CRM  Professionals  (Siebel, 
SAP,  BaaN)  Tools  (Actuate, 
Crystal  Reports)  Client  Server 
(Oracle,  C,  C++,  VC++,  VB) 
System  Administrators 
(Solaris,  HP-UX,  AIX,  Windows 
NT,  Cisco)  Database  Administra¬ 
tors  (Oracle  Apps,  Peoplesoft, 
Sybase,  Oracle,  DB2) 

Salary:  $90,000  -  $1 10,000  PA 
Benefits  available 
Send  resume  to: 

V  Group  Inc 

1220  N  Market  St,  Ste  206 
Wilmington,  DE  19801 
jobs@vgroup.net 
Fax:  954-697-4677 


Computer  Software  Engineer 
Atlanta,  Georgia 

Design  software  adhering  to 
well-structured  software  engi¬ 
neering  standards,  including  the 
design  specifications  and  devel¬ 
opment  schedule.  Primary 
responsibility  includes  specific 
tools  for  GIS/Remote  Sensing, 
help  test  software  and  on-line 
help.  Masters  degree  in  Informa¬ 
tion  Systems  or  Computer  Science 
and  3-5  years'  experience  re¬ 
quired,  familiarity  with  ERDAS 
products  and  good  working 
knowledge  of  ESRI  ArcObjects 
required.  Experienced  in  the 
development  of  algorithms 
as  they  pertain  to  the  GIS/ 
Remote  Sensing.  ERDAS,  LLC. 
jody.stepakoff@gis.leica-geo 
systems.com. 


Forum  Systems  currently  has 
opportunities  in  Sandy,  UT  for 
the  following  positions 

•Software  Engineers 
(Consultants)* 

•Must  be  available  to  travel  to 
various  and  unanticipated 
worksites  throughout  the  U.S. 

Positions  require  Bachelor’s  in  CS, 
Engineering,  or  related  field  and 
3  years  of  software  engineering 
experience.  Experience  must 
include:  1)  XML,  2)  TCP/IP,  3) 
Linux  and  4)  Java 

For  consideration  forward  your 
resume  to: 

Zak  Farrington 
Forum  Systems 
45  West  10000  South 
Ste.  415 

Sandy,  UT  84070 
(No  phone  calls) 
www.forumsys.com 


Mathematica  Policy  Research, 
Inc.,  a  leader  in  policy  research 
and  analysis,  has  an  opening  for 
a  Senior  Programmer/Analyst 
(SAS  Programmer)  to  convert 
data  from  research  project  spec¬ 
ifications  to  create  or  modify 
computer  programs  using  SAS, 
Stata  and  Visual  Basic.  Qualified 
individuals  should  possess  a 
Masters  or  equivalent  in  Econ, 
Math,  Info.  Sys.,  Stats,  or  De¬ 
mography.  For  immediate  con¬ 
sideration.  please  send  resume 
(no  calls)  to  Kim  Wilson.  Mathe¬ 
matica  Policy  Research,  Inc  , 
600  Maryland  Ave.,  SW,  Ste. 
550,  Washington,  DC  20024. 
Please  reference  job  code:  2892. 
AA/EOE 


NEED 
TO  IRE. 

©  caree  >com 

START 
WITH  US. 


Software  Engineer.  Duties:  Assist 
w/develop.  &  testing  of  comp, 
appls.  for  P609  server.  Assist 
w/develop.  of  system  console 
software  on  Linux  Assist  in 
performing  custom  prog,  to  im¬ 
prove  efficiency  of  web-based 
appls.  using  Java  &  AIX.  Perform 
&  document  testing  of  software 
projects  for  graphical  user  inter¬ 
face  platform  mgmt.  hardware. 
Requires:  B.S.  (orforeign  equiv.) 
in  Comp.  Sci.,  Eng.  or  a  related 
field  &  3  yrs.  exp.  in  the  job  of¬ 
fered  or  3  yrs.  exp.  as  a  Systems 
Tester  or  Prog./Analyst.  Concur¬ 
rent  exp.  must  incl.  3  yrs.  exp. 
performing  testing  of  software 
projects  &  3  yrs.  exp.  using  Java 
&  Linux.  EOE.  40  hrs./wk.  8:00 
a.m.-5:00  p.m.  Send  resume  (no 
calls)  to:  Molly  Stone,  CTG,  Inc., 
800  Delaware  Ave.,  Buffalo,  NY 
14209-2094. 


Numann  Technologies,  Inc.,  an 
Elk  Grove,  CA  based  Software 
Consulting  firm  is  looking  for: 

Computer  Programmers 
UNIX  System  Administrators 
Software  Engineers 

Must  have  at  least  a  Bachelor 
Degree  in  Computer  Science/ 
Mathematics/Physics  or  equiva¬ 
lent,  with  at  least  3-5  years  relevant 
experience.  Must  be  willing  to 
travel  from  Elk  Grove,  CA  to 
temporary  worksites  throughout 
the  US,  to  be  paid,  at  least,  the 
prevailing  wage  in  that  area. 
Employee  will  remain  employed 
by  Numann  Technologies,  Inc. 
E.O.E. 

Fax  or  mail  resume  to: 

Numann  Technologies,  Inc., 
9021  Lanetry  Court,  Elk  Grove, 
CA  95758;  Fax:  (916)  351-0337; 
Email:  gen@numann.com 


♦ 


Databased  Solutions  Inc.  has 
openings  for  Programmer  Ana¬ 
lysts  with  at  least  four  years  of 
experience  in  programming  and 
quality  assurance,  including 
two  years  of  experience  in  ISO 
9000  implementation.  Job  Duties: 
Analysis,  design,  development, 
testing,  customization,  docu¬ 
mentation,  installation,  and 
implementation  of  web  based 
software  applications  and  client 
/server  applications  using  Novell, 
Visual  Basic,  TCP/IP,  UDP/IP, 
Oracle,  Java,  Lotus,  Power¬ 
Builder,  and  Cobol;  QA  testing 
and  implementation  using  tools 
such  as  Rational,  Mercury,  Silk, 
Jprobe.  Some  positions  require 
two  years  experience  with  a 
Bachelors  degree  or  a  Masters. 
Excellent  Pay  and  Benefits.  Mail 
resume  to:  HR  Dept.,  Databased 
Solutions  Inc.  100  Jersey  Av¬ 
enue,  Suite  B-201,  New 
Brunswick,  New  Jersey  08901 . 


♦ 


Software  Engineer:  Responsible 
for  the  database  administration 
of  PeopleSoft  general  ledger  ap¬ 
plication;  provide  production 
support,  planning  and  imple 
mentation  of  production  releases, 
problem  determination  and 
resolution;  handle  performance 
tuning,  backup,  recovery  and 
disaster  recovery  of  the  database. 
Requires  Bachelors  degree  in 
Engineering  or  Computer  Science 
plus  one  year  experience  in  the 
job  offered  or  one  year  experi¬ 
ence  in  database  administration 
of  PeopleSoft  general  ledger 
application.  Salary  $88,400/yr, 
40  hrs/wk.  8AM-5PM.  Mon-Fri. 
Job  site  in  Manchester,  NH.  To 
apply  send  two  (2)  copies  of  your 
resume/letter  of  application  to: 
Job  Order  #2002-399,  P.0  Box 
989,  Concord.  NH  03302-0989. 


Data  Coordinating  Specialist  I 

Boehringer  Ingelheim  Pharma¬ 
ceuticals,  Inc.  has  multiple  open¬ 
ings  in  its  Ridgefield,  Connecticut 
office  for  the  positions  of  Data 
Coordinating  Specialist  I. 

Manages  and  reviews  discrep¬ 
ancy  database,  recommends 
solutions  leading  to  resolution  of 
data  discrepancies  that  involve 
inclusion  of  medical  data  in  the 
database  and  applies  Medical 
/Data  Management  policies  and 
procedures  for  timely  processing 
of  product  efficacy  and  safety 
data. 

Must  possess  at  least  a  bachelor's 
degree  or  its  equivalent  in  the 
Medical  or  Biological  field  and 
relevant  experience,  including 
experience  with  medical  termi¬ 
nology,  medicine,  clinical  research 
and  data  processing,  computer 
applications  on  multiple  systems 
and  FDA  pre-submission  for 
device. 

Resume  and/or  cover  letter  must 
reflect  each  requirement  above 
and  specify  reference  code 
AD-GCD/GC1102  or  it  will  be 
rejected. 

Forward  resume  to  Bl  Staffing 
Center,  PO  Box  534,  Waltham,  MA 
02454.  Fax  number:  (781)  663- 
2431.  Email:  BIPIQBI-careers. 
com.  EOE 


Programmer/Web  Developer- 
Chicago  NW  suburb,  40  hrs.  per 
wk.  9AM  -  5PM,  $62,305  per  yr. 
Will  design  and  implement  large 
scale  back-end  databases  for 
clients  using  MS  SQL  Server 
7.0.  Will  develop  server  side 
applications  using  ASP,  Visual 
Basic  and  VB  Script.  Will  provide 
front-end  web  site  development 
using  HTML,  Java  Script,  Dream 
weaver  and  Flash.  Will  provide 
technical  support  to  clients  in  the 
above  areas.  Must  have  Bachelor's 
of  Science  degree  in  Computer 
Engineering,  and  1  yr.  of  exp.  in 
job  offered  or  2  yrs.  exp.  as  a 
Computer  Programmer.  Must 
have  2  yrs.  of  exp.  with  MS  SQL 
Server,  Access  &  database  de¬ 
sign;  1  yr.  exp.  with  Visual  Basic; 
9  months  exp.  with  ASP,  Java 
Script,  HTML.  Adobe  Photoshop 
&  Macro  media  Flash.  Applicants 
must  show  proof  of  legal  authority 
to  work  in  U.S.  No  Calls  -  Send  2 
copies  of  both  resume  &  cover 
letter  to:  Illinois  Department  of 
Employment  Security,  401  S. 
State  St.,  -  7  North,  Chicago,  IL 
60605,  Attn;  Leila  Jackson,  Ref. 
#V-IL  30279-J.  An  Employer  Paid 
Ad. 


Software  Developers  -  Technology 
firm  seeks  qualified  professionals 
to  design/develop/  program 
software  solutions.  There  are  two 
positions  open  at  each  of  at 
our  offices  in  New  York,  NY, 
Coralville,  IA  &  San  Francisco, 
CA.The  ideal  candidate  will  have 
exp.  in  any  of  the  following:  java, 
xml,  xsl,  jdbc,  html,  vb,  asp,  sql, 
J2EE,  C/C++,  Unix/WinNT.  Must 
have  a  BS  degree  in  Comp  Sci, 
Engineering,  or  equivalent  & 
at  least  1  yr  related  exp.  Send 
resume  to:  ScreamingMedia  Inc, 
HR,  601  W  26th  St,  13th  FI,  NY, 
NY  10001  Attn:  D.  DeSimone. 
EOE.  Also  visit  our  website  at 
www.screamingmedia.com 


Openings  for  (a)  Business  Ana¬ 
lyst,  with  industry  exp.  in  SQL 
utilities,  C/C++,  Oracle  8i,  Pro'C. 
Bpwin  4.0,  OEM.  web  server 
admin.,  NT/Unix,  (b)  Analyst  II 
with  exp.  in  RMAN,  Ipchains, 
Watchgurad,  Oracle  EDMS 
v.2.1.0.,  8i,  Linksys,  SQL  utilities, 
C/C++.  Digital  Alpha  Server, 
Digital  Unix,  etc.  etc.  Pay  match¬ 
ing  exp.  Foreign  educ.  equiv. 
accepted.  Travel/relocation  reqd. 
Res.  to  Paramount  Software 
Tech..  Inc.,  P.0  Box  871008, 
Morrow,  GA  30287-1008. 


Software  Engineer  and  Senior 
Software  Engineer  consulting 
positions  to  develop,  create,  and 
modify  computer  systems  and 
applications  software  and  spe¬ 
cialized  utility  programs.  Analyze 
and  design  databases  within  an 
application  area.  Analyze  user 
needs  and  develop  software  so¬ 
lutions.  Must  travel  and  relocate 
frequently.  Bachelor's  or  Master's 
degree  or  foreign  equivalent  is 
required  in  one  of  several  limited 
fields:  Computer  Science/Appli¬ 
cations,  Engineering.  Chemistry, 
Math,  Physics,  or  scientific  or 
business  related  field.  In  lieu  of 
Bachelor's  degree,  three  years 
of  undergraduate  study  and 
three  years  of  experience  as 
a  computer  professional  will  be 
accepted.  In  lieu  of  Master's 
degree,  Bachelor's  degree  or 
foreign  equivalent  with  five  years 
of  progressive  experience  as  a 
computer  professional  will  be 
accepted.  Some  positions  re¬ 
quire  one  year  of  experience  in 
the  job  offered  or  as  a  computer 
professional.  Candidates  must 
have  one  year  of  experience  in  a 
particular  skill  set.  CRM:  Siebel, 
Clarify,  Oracle  CRM,  SAP  CRM; 
ERP:  PeopleSott,  SAP,  Baan, 
J.D.  Edwards,  Oracle  Applica¬ 
tions/Financials/  Manufactur- 
ing/HR;  GUI:  Windows  95/98/00, 
Windows  NT,  Unix,  Oracle,  Visu¬ 
al  C++,  C,  C++,  Visual  Basic, 
PowerBuilder,  MFC,  Crystal  Re¬ 
ports,  COM/DCOM,  CORBA;  In¬ 
ternet  Applications:  ASP,  HTML, 
Java  Script,  Java,  Coldfusion, 
Broadvision,  ATG  Dynamo,  Net- 
dynamics,  Websphere,  Java 
Beans,  Front  page,  CGI,  Pearl, 
MTS,  IIS;  Mainframe:  IBM3090, 
IBM  ES900,  MVS,  IMS,  CL'400, 
CICS,  TSO,  VSAM,  COBOL, 
JCL,  AS/400,  DB2,  VAX/VMS; 
Oracle  RDBMS:  Designer  2000, 
Developer  2000,  Oracle  RDBMS, 
SQL-Plus,  Pro'C,  PL/SQL,  SQL' 
Forms,  SQL'Reports,  SQL 
'Loader,  Oracle  Forms,  Oracle 
Reports,  SQL'Menu,  SQL'DBA, 
SQL'Net;  RDBMS:  Informix, 
Oracle,  FoxPro,  Sybase,  SQL 
Server,  Progress;  Unix/NT  Ad¬ 
ministrators:  RS/6000,  Sun  Sparc, 
Sun  Ultra,  SUN  Enterprise,  HP 
9000,  Logical  Volume  Manager, 
IBM  RAID,  SSA,  TCP/IP,  SUN 
CLUSTER,  HIGH  Availability, 
SUN  RAID,  Veritas  Volume 
Manager,  NIS,  NIS+,  NFS,  MC 
Service  Guard,  HP  Openview, 
Linux,  FreeBSD,  GNU.  Please 
submit  resumes  with  cover  letter, 
specifying  position  of  considera¬ 
tion,  to:  Rapidigm,  Immigration 
Section,  code#  92R,  4400 
Campbells  Run  Road,  Pittsburgh, 
PA  15205. 


♦ 


AVX  Corporation,  a  worldwide 
leader  in  manufacturing  passive 
electronic  components  and 
capacitors,  has  an  opening  for  a 
Computer  Programmer  Analyst. 
Duties  are  the  following:  1. 
Updates,  tests  and  maintains 
WALKER  FINANCIAL  software 
applications;  2.  Monitors  and 
maintains  VSAM  database  for 
WALKER  FINANCIAL  software 
applications;  3.  Utilizes 
CICS/VS/COBOL  II  to  determine 
new  features  such  as  on-line 
menus,  screens  and  database 
operations  for  WALKER  FINAN¬ 
CIAL  software  applications;  and 
4.  Utilizes  EXPEDITOR  computer 
programs  to  resolve  batch  pro¬ 
duction  problems  and  enhance 
codes  for  WALKER  FINANCIAL 
software  applications;  Salary  and 
benefits  offered  are  commensu¬ 
rate  with  the  position  Minimum 
requirements  are  a  Bachelor’s 
Degree  in  Computet  Science, 
Mathematics,  or  Chemical 
Engineering  and  one  year  six 
months  experience  in  the  pb 
offered  Work  schedule  is  from 
8:30  a.m.  to  5:30  p.m.  Monday 
through  Friday  40  hours  per 
week  The  position  is  located  in 
Myrtle  Beach,  South  Carolina 
Applicants  must  send  two 
resumes  to  the  following:  AVX 
Corporation.  Human  Resources 
Dept.  1 5.  Computer  Programmer 
Analyst  Position  Post  Office  Box 
867,  Myrtle  Beach  South 
Carolina  29577  No  Phone  Calls 
please. 
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Siebel  and  SAP 

ware  at  its  Sapphire  ’02  user 
conference  in  Lisbon,  Portugal. 
The  upgrade,  due  to  ship  at  the 
end  of  this  month,  uses  SAP’s 
new  Web  Dynpro  presenta¬ 
tion-level  technology  in  role- 
based  user  interfaces  designed 
to  give  workers  job-specific 
views  of  data  and  make  the 
CRM  software  easier  to  use. 

John  Grozier,  group  director 
of  CRM  product  marketing  at 
SAP,  said  Version  3.1  of  mySAP 
CRM  will  also  be  tightly  inte¬ 
grated  into  the  company’s  por¬ 
tal  software.  That  will  let  end 
users  take  data,  such  as  a  cus¬ 
tomer  address,  from  a  CRM 
system  and  drag  and  drop  the 
information  into  other  SAP  ap¬ 
plications,  Grozier  said. 

Denis  Pombriant,  an  analyst 
at  Aberdeen  Group  Inc.  in 
Boston,  said  Siebel  and  SAP 
are  going  in  somewhat  differ¬ 
ent  directions  with  their  new 
releases.  Siebel  is  focusing  on 


delivering  end-to-end  business 
processes  to  specific  vertical 
industries,  he  said,  while  SAP’s 
portal  integration  capabilities 
are  aimed  at  easing  the  integra¬ 
tion  of  front-end  CRM  applica¬ 
tions  and  back-office  systems. 

“The  way  Siebel  is  going  I 
really  believe  is  the  right  direc¬ 
tion,”  said  Kevin  Lathrop,  CIO 
at  Unishippers  Association  Inc., 
a  Salt  Lake  City-based  compa¬ 
ny  whose  300-plus  franchisees 
provide  shipping  services  in 
the  U.S.  and  the  U.K.  “One  of 
the  reasons  we  selected  Siebel 
was  that  they  would  stay  with 
best  practices  and  build  them 
into  the  product  over  time.” 

Unishippers  is  beta-testing 
the  partner  relationship  man¬ 
agement  application  in  Siebel 
7.5  and  plans  to  go  live  with  the 
software  in  the  first  quarter  of 
next  year,  Lathrop  said.  The 
product  will  replace  home¬ 
grown  applications,  he  added. 

Lathrop  said  he’s  particular¬ 
ly  interested  in  the  sales  and 
customer  service  processes 
embedded  in  Siebel  7.5,  al¬ 
though  he  added  that  it  doesn’t 


include  any  vertical-industry 
tools  developed  specifically 
for  transportation  companies. 

Joanie  Rufo,  an  analyst  at 
AMR  Research  Inc.  in  Boston, 
said  Version  3.0  of  mySAP 
CRM,  which  became  available 
in  the  third  quarter  of  last  year, 
was  SAP’s  first  truly  competi¬ 
tive  release.  And  Version  3.1 
better  positions  the  company 
as  a  rival  to  San  Mateo,  Calif.- 
based  Siebel  and  other  CRM 
vendors  such  as  Oracle  Corp. 
and  PeopleSoft  Inc.  in  Pleasan¬ 
ton,  Calif.,  Rufo  said. 

Barry  McGoldrick,  director 
of  global  application  develop¬ 
ment  at  Molex  Inc.  in  Lisle  Ill., 
said  the  maker  of  electronic 
components  plans  to  upgrade 
to  Version  3.1  of  mySAP  CRM 
early  next  year. 

Molex,  which  uses  SAP’s  R/3 
enterprise  resource  planning 
software  and  Version  2.0  of 
mySAP  CRM,  is  already  test¬ 
ing  the  new  CRM  release.  Mc¬ 
Goldrick  said  end  users  at  the 
company  have  given  a  thumbs 
up  to  the  software’s  ease-of- 
use  improvements.  • 


Continued  from  page  1 

Legacy  Ties 

Siebel’s  applications  and  the 
transaction  systems  used  by 
Countrywide’s  business  units. 

Vigna  said  it  would  have 
been  too  time-consuming  and 
expensive  to  tie  together  all  of 
the  customer  data  stored  in  the 
transaction  systems  to  Siebel  7 
without  the  WRQ_  tools.  Most 
of  the  transaction  systems  run 
on  AS/400s,  although  Country¬ 
wide  also  has  a  small  main¬ 
frame  installation,  he  said. 
Siebel  7  will  be  installed  on 
Windows  2000  servers. 

Mixing  New  and  Old 

Tyler  McDaniel,  an  analyst 
at  Hurwitz  Group  Inc.  in  Fram¬ 
ingham,  Mass.,  said  Country¬ 
wide’s  integration  challenges 
are  a  classic  example  of  the 
problems  faced  by  companies 
that  need  to  mix  new  CRM  ap¬ 
plications  with  the  systems 
that  are  already  installed. 

“A  lot  of  the  systems  have 
been  in  existence  a  number  of 
years,  and  as  a  result,  they’re 
very  complex,”  McDaniel  said. 
“When  you  try  to  hook  one 
complex  system,  like  the 
AS/400,  into  another  complex 
system,  like  Siebel,  you  com¬ 
pound  the  issue.” 

Vigna  said  the  plan  to  pro¬ 
duce  a  single  view  of  customer 
data  is  further  complicated  by 
the  presence  of  more  than  a 
half-dozen  customer  transac¬ 
tion  databases  that  feed  data  to 
end  users  via  5250  emulation 
software.  In  addition,  Country¬ 
wide  uses  IBM’s  Java  2  Enter¬ 
prise  Edition-based  WebSphere 
Application  Server  software  to 
control  an  existing  series  of 
Web  applications. 

In  an  effort  to  solve  the  inte¬ 
gration  conundrum,  Country¬ 
wide  plans  to  use  WRQ_’s  Vera- 
stream  software  to  translate 
customer  data  stored  on  the 
AS/400s  into  reusable  compo¬ 
nents  that  can  be  read  by  the 
Siebel  7  applications.  Vera- 
stream  is  being  installed  on 


Technology  Plan 


Countrywide  is  installing 
the  following  software  as 
part  of  its  CRM  project: 

■  The  Web-based  Siebel  7 
CRM  suite  to  integrate  customer 
data  from  20  different  business 
units  within  a  single  user  interface 

■  WRQ’s  Verastream  Host  In¬ 
tegrator  and  Information  Bro¬ 
ker  tools  to  turn  data  in  the  com¬ 
pany’s  AS/400  systems  into 
reusable  components  that  can  be 
accessed  by  Siebel  7 

centralized  component  broker 
servers,  according  to  Vigna 
“The  Verastream  software 
enables  us  to  create  a  single  in¬ 
terface,  and  it  allows  us  to  do  it 
behind  the  scenes  of  our  lega¬ 
cy  5250  applications,”  he  said. 
“And  it  allows  our  J2EE  compo¬ 
nents  to  be  served  up  from  a 
WebSphere  environment,  Unix 
or  any  other  environment. 
That  was  key  for  us.” 

Another  problem  Country¬ 
wide  is  facing  is  the  fact  that 
many  of  its  Web-based  trans¬ 
actions  run  at  near  real  time, 
but  the  applications  on  its 
AS/400  servers  were  designed 
to  be  processed  in  batch  mode. 
Verastream  should  mitigate 
that  issue  by  enabling  the 
batch  systems  to  function  at 
real-time  speeds,  Vigna  said. 

The  First  phase  of  the  CRM 
project  involves  Country¬ 
wide’s  Balboa  Life  &  Casualty 
insurance  group,  which  is 
based  in  Irvine,  Calif.  Balboa 
plans  to  use  Siebel  7  in  combi¬ 
nation  with  its  existing  sys¬ 
tems  to  set  up  a  virtual  claims 
office  that’s  designed  to  give 
its  workers  and  customers  a 
Web-enabled  view  of  the  in¬ 
surance  claims  process. 

The  plan  calls  for  limited 
information  about  insurance 
policies  to  be  entered  into 
Siebel  7.  Then  data  from  Bal¬ 
boa’s  existing  systems  will  be 
integrated  into  the  Siebel  soft¬ 
ware  via  Verastream,  and  all 
claims-related  transactions 
will  eventually  be  processed 
within  Siebel  7.  • 


Siebel  Brings  App  Integration  Technology  to  Forefront 


With  the  release  of  its  Siebel  7.5 
upgrade,  Siebel  Systems  is  taking 
more  steps  to  fulfill  a  promise  to 
simplify  business  process  and  ap¬ 
plication  integration  work  for  users 
through  its  Universal  Application 
Network  (UAN)  technology. 

UAN,  which  was  announced  in 
April,  is  designed  to  make  it  easier 
for  companies  to  connect  Siebel's 
CRM  applications  to  homegrown 
systems  and  packaged  applica¬ 
tions  developed  by  other  vendors. 
Usage  of  the  technology  is  still  in 
its  infancy  while  Siebel,  working 
with  partners,  continues  to  develop 
the  specifications. 

But  Siebel  7.5  includes  an  em¬ 
bedded  set  of  UAN-based  Applica¬ 
tion  Services  Interfaces,  which  ex¬ 
pose  Siebel’s  proprietary  applica¬ 
tion  processes  as  Web  services.  It 
also  comes  with  support  for  linking 
the  software  to  applications  based 
on  Java  2  Enterprise  Edition  or  Mi¬ 


crosoft  Corp.’s  .Net  technology, 
according  to  Siebel. 

Kevin  Lathrop,  CIO  at  Salt  Lake 
City-based  Unishippers,  said  the 
UAN  interfaces  could  let  cus¬ 
tomers  of  its  franchisees  access 
data  from  a  variety  of  systems  and 
check  on  invoices  and  the  status  of 
shipments  regardless  of  which 
freight  carrier  is  delivering  the 
goods. 

Lathrop  said  he  isn’t  sure  Uni¬ 
shippers  will  roll  out  the  UAN  tech¬ 
nology  in  the  near  term.  But,  he 
added,  “I  suspect  we’ll  be  using  it 
more  and  more  as  it  supports  our 
future  direction.” 

Tim  Arnold,  IT  manager  at  Bose 
Corp.  in  Framingham,  Mass.,  said 
UAN  should  give  users  a  way  to 
easily  extract  data  from  Siebel  ap¬ 
plication  tables  without  having  to 
change  their  structure  or  the  busi¬ 
ness  rules  that  are  built  into  them. 

Bose,  which  makes  audio  sys¬ 


tems,  uses  Siebel’s  CRM  tools  but 
has  also  installed  SAP’s  back- 
office  applications  and  People- 
Soft’s  human  resources  software. 
Arnold  said  he  hopes  to  implement 
some  of  the  UAN  technology  within 
his  systems  by  next  summer. 

Siebel  is  playing  catch-up  on  in¬ 
tegration  technology,  said  Joshua 
Greenbaum,  an  analyst  at  Enter¬ 
prise  Applications  Consulting  in 
Daly  City,  Calif.  Users  are  demand¬ 
ing  that  CRM  applications  become 
more  than  stand-alone  tools  and 
offer  integration  to  other  software, 
such  as  manufacturing,  supply 
chain  management  and  logistics 
systems,  he  added. 

Siebel  has  “to  get  moving”  with 
UAN  or  it  could  risk  being  margin¬ 
alized  by  SAP  and  other  rivals  that 
are  ahead  of  it  in  supporting  inte¬ 
gration  with  applications  other 
than  their  own,  Greenbaum  said. 

-  Marc  L.  Songini 
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FRANK  HAYES  -  FRANKLY  SPEAKING 

The  Faith  of  IT 

I  DON’T  HAVE  ANY  COMFORTING  LESSONS  or  politically 
convenient  conclusions  on  the  anniversary  of  Sept.  11.  By 
now  you’ve  probably  heard  what  it  all  means  dozens  of  times 
over,  from  deep  thinkers  far  more  confident  than  I  am  about 
what  we  should  do  and  how  we  should  feel  and  the  best  way 
to  commemorate  the  thousands  murdered  on  that  Tuesday  morn¬ 
ing  a  year  ago. 


Sorry,  but  I  don’t  know  how  to  sum  up  the 
deaths  of  thousands  of  people  in  a  few  catchy 
phrases. 

And  if  you  ask  me  what  it  means  for  corpo¬ 
rate  IT  shops,  I  don’t  know  that  either.  Yes,  we 
have  our  part  to  play  in  tightening  security,  im¬ 
proving  communications  and  preventing  more 
attacks.  But  what  it  really  means?  You’ll  have  to 
find  that  for  yourself. 

What  I  do  know,  from  the  endless  discus¬ 
sions  and  dissections  of  the  terrorists  during 
the  past  year,  is  that  those  murdered  thousands 
were  killed  by  people  who  hate  the  modern 
world.  They  took  control  of  our  technology, 
using  it  as  a  weapon  so  destructive  it  could  de¬ 
molish  skyscrapers.  But  they  did  it  in  the  name 
of  turning  back  the  clock. 

The  ideas  that  are  fundamental  to  the  mod¬ 
ern  world  —  science,  technology  and  most  of 
all,  information  —  were  anathema  to  the 
killers.  They  weren’t  just  trying  to  slaughter 
the  people  in  the  World  Trade  Center  and  the 
Pentagon.  They  wanted  to  destroy  progress. 

And  that’s  what  IT  people  are  all  about. 

We  believe  in  progress,  and  technology  and 
information.  We  believe  our  job  is  to  use  tech¬ 
nology  and  information  to  create  value  and 
benefit,  and  sometimes  even  good. 

We  believe  new  ideas  and  fresh  approaches 
can  be  better  than  old  ways  and  notions  — 
at  least  sometimes.  We  know  from 
long  experience  that  the  difference 
between  a  good  new  idea  and  a  bad 
new  idea  can  remain  invisible  to 
us  until  we  try  each  of  them,  and 
sometimes  until  we  try  them  again 
and  again. 

We  don’t  believe  technology  is 
an  unalloyed  good.  But  we  believe 
technology  can  be  used  to  make  in¬ 
dividuals  more  powerful  and  orga¬ 
nizations  more  effective.  And  we 
believe  those  who  wield  technology 
can  use  it  for  good. 

We  believe  in  information.  We 


believe  we  can  use  technology  to  store  and 
process  it,  but  also  to  discover  new  informa¬ 
tion  we  didn’t  know,  to  see  patterns  we  didn’t 
recognize  before. 

We  believe  in  communication.  We  believe 
it  can  bring  people  together  to  cooperate  or 
compete.  We  know  its  risks:  misunderstanding, 
conflict,  fear.  But  we  believe  those  risks  are 
worth  taking  for  the  opportunity  to  exchange 
ideas  with  people  we  otherwise  would  never 
come  to  know. 

We  believe  information  and  technology  can 
bridge  differences,  level  inequalities  and  offer 
opportunities.  We  believe  they  can  be  used  to 
heal  the  sick,  feed  the  hungry  and  make  lives 
better,  though  they’re  not  always  used  that  way. 

We  believe  in  the  new,  the  unfamiliar,  the 
different.  We  accept  the  unexpected.  We  de¬ 
light  in  coming  to  know  what  was  unknown. 

We  believe  in  complexity  and  confusion,  and  in 
overcoming  them  with  simplicity  and  clarity 
and  elegance  —  and,  when  necessary,  the  occa¬ 
sional  ugly  kludge. 

Most  of  all,  we  believe  in  progress.  We  be¬ 
lieve  things  can  get  better  —  not  just  that  next 
year’s  computer  or  network  or  software  will  be 
faster,  more  powerful  and  more  useful  than  this 
year’s  model,  but  also  that  over  time,  we  and 
our  companies,  our  industries,  even  our  soci¬ 
eties  can  be  transformed. 

We  believe  we  can  solve  prob¬ 
lems.  We  believe  that  once  those 
problems  are  truly  solved,  there 
can  be  no  going  back.  We  believe 
in  the  future.  We  believe  we  can 
change  the  world. 

These  are  the  beliefs  IT  people 
share,  no  matter  their  nation  or 
creed  or  culture. 

I  may  not  be  able  to  tell  you 
what  Sept.  11  means.  But  I  can  say 
this:  That  faith  in  progress,  tech¬ 
nology  and  the  future  is  about  as 
far  from  the  murderers  of  Sept.  11 
as  anyone  can  get.  I 


frank  hayes.  Computer- 
world's  senior  news  colum¬ 
nist,  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

franK.hayes@computerworW.com. 


Laptops  for  Everyone! 

This  laptop  is  used  by  social  workers  for  field  inter¬ 
views,  so  power-saving  features  are  turned  on,  includ¬ 
ing  the  option  to  turn  off  the  computer’s  cooling  fan 
when  it  isn’t  needed.  But  it  hangs  sometimes,  reports 
IT  pilot  fish.  “I  finally  know  what  the  problem  is,”  user 
tells  fish  one  day.  “I  was  interviewing  a  man  who  told 
me  he  really  knows  a  lot  about  computers.  He  showed 
me  that  the  fan  wasn’t  turning  and  told  me  the  com¬ 
puter  just  needed  a  new  fan  belt.” 


Well,  No. . . 

User  complains 
his  new  laptop 
won’t  hold  a 
charge,  and  he’s 
already  replaced  the  bat¬ 
tery  once.  Support  pilot 
fish  checks  it  at  the 
user’s  desk.  “The  ma¬ 
chine  was  so  hot,  we 
couldn’t  pick  it  up,”  fish 
says  -  it’s  plugged  into 
the  docking  station  and 
the  travel  power  cord. 
User  explains,  “I  figured 
it  would  charge  the  bat¬ 
tery  twice  as  fast.” 

Plenty  of  Packing 

Help  desk  pilot  fish  in¬ 
structs  remote  user  to 
use  plenty  of  packing 
material  when  shipping 
his  laptop  for  repair.  But 
when  it  arrives,  the 
screen  looks  like  it’s 
been  hit  with  a  hammer. 
How  was  the  laptop 
packed?  “It  was  placed 
in  the  box  with  almost  an 
entire  ream  of  copier  pa¬ 
per.  Flat,  uncrumpled 
copier  paper,”  sighs  fish. 
“Might  as  well  have 
been  a  block  of  wood.” 

Right  Question 

New  remote  hire  can’t 
dial  in  to  get  e-mail,  and 
IT  pilot  fish  is  baffled. 
“We  went  through  the 
network  and  dial-up  set¬ 
tings,  but  nothing  was 
like  it  was  supposed  to 
be,”  says  fish.  “Finally, 


after  two  hours, 
I  ask  him  out 
of  pure  frustra¬ 
tion,  ‘Is  this  the 
laptop  that  I 
;  sent  you?’ Dead  silence 
I  -  then  he  said,  ‘No. . .’  ” 

j  Details,  Details 

j  Traveling  user  calls  sup- 
j  port  pilot  fish  to  com- 
j  plain  that  his  remote  ac- 
\  cess  isn’t  working.  Noth- 
j  ing  fish  tries  fixes  it,  and 
I  userisgettingirate.lt 
j  takes  several  days  be- 
j  fore  user  adds  one  more 
j  detail  to  his  complaint: 
i  “I  forgot  to  mention  that 
j  the  laptop  was  damaged 
i  due  to  a  fall  of  my  suit- 
j  case  at  the  airport.” 

|  Too  Late! 

!  Visiting  VIP’s  laptop  has 
!  an  “I”  key  that  won’t 
I  work,  and  support  pilot 
j  fish  is  asked  to  help.  But 
i  he’s  too  late.  “I  thought 
i  I’d  seen  everything,” 
j  says  fish.  “But  VIP  uses 
j  a  screwdriver  to  remove 
j  screws  from  bottom  of 
I  laptop  -  it’s  still  running 
j  -  flips  it  upright,  pries 
j  out  the  keyboard,  re- 
;  moves  the  cable,  blows 
i  on  the  connectors,  then 
j  puts  it  back  together.  It 
j  now  works.”  Turns  out 
|  VIP’s  own  help  desk 
i  knows  about  the  prob- 
j  lem  and  advises  travel- 
j  ers  to  keep  screwdrivers 
I  handy  just  in  case. 


OFEED  THE  SHARK!  Send  your  true  tale  of  IT  life  to 
sharky@computerworld.com.  You  snag  a  snazzy 
Shark  shirt  if  we  use  it.  And  check  out  the  daily  feed,  browse 
the  Sharkives  and  sign  up  for  Shark  Tank  home  delivery  at 

computerworld.com/sharky. 


Supplier  Intelligence  |  Organizational  Intelligence  |  Customer  Intelligence  j  Intelligence  Architecture  j  Enterprise  intelligence 


SAS  and  ail  other  SAS 


How  do  you  extract,  transform  and  i 
load  data  while  assuring  quality? 

Build  a  scalable  data  warehouse  a 
with  a  single  point  of  control? 


trademarks  or  trademarks  of  SAS 


The  Power  toKnow~ 
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SAS’  is  all  you  need  to  know. 


SAS  provides  a  high-impact,  low-risk  way 
to  achieve  intelligent  data  warehousing.  You  can 
surface  information  from  any  source -corporate 
systems,  e-business  channels,  your  supply  chain 
and  beyond- across  any  platform.  And  deliver  a 
shared  version  of  the  truth  throughout  your 
enterprise.  To  find  out  how  top  companies  reap 
bottom-line  rewards  with  SAS  software,  call  toll  free 
1  866  270  5727  or  visit  www.sas.com/warehouse 


And  simplify  the  way  you  create  ■ 
and  customize  enterprise  reports? 


50046US.05Q? 


INTEGRATION 

PLAY 


to  thrive,  all  your  business  processes,  from  supplier  to  customer,  must 
work  together  seamlessly.  It’s  the  key  to  a  profitable  infrastructure. 

2]  WIN  WITH  WEBSPHERE:  As  the  world’s  #1  integration  software, 
WebSphere  is  the  leading  software  platform  for  integrating  business 
processes,  applications,  platforms  and  people.  WebSphere.  Part  of 
our  software  portfolio  including  DB2?  Lotus®  and  Tivoli.® 

3]  MAKE  THE  PLAY:  Visit  ibm.com/websphere/integrate  and 
see  a  Webcast  on  how  WebSphere  can  help  cut  integration  costs. 


(e)  business  is  the  game.  Play  to  win? 


